WAFs don’t understand context, and they don’t detect logic-based attacks like authenti tl;dr: WAFs don’t understand context, and they don’t detect logic-based attacks like authentication bypasses.

They also can be circumvented by attackers who are able to use a proxy or VPN to hide their IP address. And WAFs aren’t good at detecting anomalies in traffic patterns that could indicate an attacker is trying to probe for vulnerabilities
https://t.co/wPhHcOwDe3