Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

Trustwave to Deliver Briefing at OWASP AppSec Europe 2009

Experts to Demonstrate Vulnerabilities in Commercial Web Application Firewalls

CHICAGO (May 12, 2009) - Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, will deliver a briefing at OWASP AppSec Europe, 13-14 May, 2009. Wendel Henrique, a member of SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, ethical hacking and application security, will conduct the briefing along with Sandro Gauci of EnableSecurity.

The presentation will examine the security effectiveness of Web Application Firewalls (WAFs), the next generation product that protects Web sites from application level attacks such as Cross Site Scripting and SQL injection. WAFs inspect every request sent and received from a Web Server, parsing, decoding and analyzing all requests for potential attacks. Depending on the set of rules applied by the WAF, it will either log an attack or block it. WAFs are either software or hardware and are typically installed in front of a Web server in an effort to try and shield it from incoming attacks.

Through continuous research, Henrique and Gauci have determined that many commonly used Web Application Firewalls are themselves vulnerable to hacking. The result of studying different WAF products, methodologies and technologies, has created generic and specific techniques to detect, identify, bypass and even exploit these systems.

Using this research, Henrique and Gauci created "WafW00f," a tool that applies their research and automates the process of identifying WAFs. WafW00f can precisely identify 20 different brands of WAFs and detect if they are in reactive mode. A second tool they've created, "WafFun," allows them to bypass and exploit WAF systems. Together, their tools allow them to identify the traffic blocked by the WAF and modify their attacks in a way that is completely blind to the WAF system, enabling the exploitation of the Web-facing application.

Consequently, if the WAF system is circumvented then the Web application is returned to a state prior to the installation of the WAF. If an attacker is able to exploit a flaw in the WAF, the attacker can take complete control of the system, resulting in disabled rules, copying of local files, and using the WAF system to launch further attacks.

During their presentation, Henrique and Gauci will use WafW00f, WafFun and other original tools to detect, bypass and exploit commercial WAF systems, showing first-hand the vulnerabilities associated with these systems.

"In theory, Web Application Firewalls should work transparently, preventing an end user or attacker to know they are in place, but improper configuration leaves signs that allow detection and identification of these systems," says Robert J. McCullen, chairman and CEO of Trustwave. "With the increase in Web application attacks, organizations have to be certain that their environment is secure and cannot leave any vulnerabilities, known or unknown, for attackers to exploit."

"Web application firewalls try to protect poorly written applications from attacks proving highly ineffective if the WAF fails or can be detected by the attacker," says Nicholas Percoco, vice president and head of SpiderLabs for Trustwave. "Application code reviews or penetration tests should always be performed to identify the problems outright. A WAF can be used to buy time for developers while fixes are implemented, but should never be seen as the final destination in a secure development lifecycle."

About Trustwave
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates  and secure digital certificates . Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit

Latest News Releases

Trustwave MailMarshal Now Available on Microsoft Azure Marketplace

Chicago – February 1, 2024 – Trustwave, a global cybersecurity and managed security services leader, today announced the availability of Trustwave MailMarshal on the Microsoft Azure Marketplace, an...

Read More

Aquion and Trustwave Announce Strategic Partnership to Boost Cybersecurity in Australia and New Zealand

Sydney, Australia - Jan 30, 2024 - Aquion, a specialist in value-added software distribution, proudly announces its strategic partnership with global managed cybersecurity leader Trustwave. This...

Read More

Trustwave Government Solutions Attains FedRAMP "In Process – PMO Review” Designation

Chicago – January 18, 2024 – Trustwave Government Solutions (TGS), a leading Federally-focused cybersecurity provider and the wholly-owned subsidiary of Trustwave, today announced its achievement of...

Read More