Knight, who is Traceables director of security research and development, said WAFs are a quick fix to a problem that doesnt exist anymore. They were designed to protect legacy applications from known attacks like SQL injection or cross-site scripting (XSS). But they dont understand the context of API calls what data is being passed in them, where it came from and why it was sent there. And they can be bypassed with simple techniques like JSONP [JavaScript Object Notation with Padding]
https://t.co/5rALsPQsmz