Introduction:
The introduction will start with a brief overview of my background and experience in cybersecurity, setting the stage for the discussion to come by giving a high-level overview of Web Application Firewalls. During the WAF overview, the talk will focus on why WAFs don't remediate security vulnerabilities and instead mitigate them. I will give some well known examples and set out the expectation that WAFs are generally expected to cover the OWASP Top 10.

Understanding WAFs:
In this section, I will introduce the audience to the fundamental aspects of Web Application Firewalls (WAFs), by exploring their architecture and the roles they play in protecting web applications and simply what makes a WAF a WAF. We will discuss how the WAFs are designed to filter and monitor HTTP traffic between a web application and the internet. By understanding the general purpose of WAFs and where we usually find them, we can see how they fit into a broader security environment. I will also go into some security overlaps that exist when choosing a WAF not developed with an organisation's custom implementations (eg: Custom Cryptography, Custom Querying Syntax) in mind, and how this can defeat the purpose of having a WAF.

WAFs In Modern Times:
It is essential to understand what makes a modern WAF and the key features and improvements that set apart older WAFs from modern ones. I will run through what modern WAFs are expected to cover in contrast to what older and deprecated WAFs cover. We will look at the historical development of WAFs and what evolution WAFs have gone through to get to where they are today. I will also briefly highlight the great value of having a WAF be open-source and the developmental benefits that unlocks through community-driven development.

The Good:
To start off we will focus on what WAF's generally do well and what expectations we can have for them. We see how WAFs react when given payloads from some common vulnerabilities listed in the OWASP Top 10 and give a high-level overview of how specific payloads are detected. The discussion will include points about what parts of the payload are detected and because of this the audience will better understand why we obfuscate the parts of payloads that we do, in order to get a working bypass.

The Oopsies:
In contrast to the above section we will focus on modifying the payloads attempted in the previous section, based on the aspects of a payload that were detected. Furthermore we will look at exactly what changes were made to payloads and why those payloads might have worked. This leads to a better understanding as to how bypasses are developed and gives a rough methodology that we can follow when approaching the creation of WAF bypasses.

Learning from Bypasses:
This section will focus on how we can learn from the bypasses discussed in the previous section and expand on the rough methodology in order to transform it into a more concrete methodology that we can practically use. The methodology will focus on 3 aspects:
- Identify -- the specific keywords blocked by a WAF
- Obfuscate -- the keywords in various manners
- Test -- the obfuscated payloads

In Denial:
It is also necessary for us to talk about how WAFs are used to mitigate vulnerabilities and why this has the potential to create an illusion of security. This will also highlight the importance of root cause remediations in place of WAFs while still acknowledging the improvement to the overall security posture of a web application that a WAF can provide.

Takeaways:
In this final section we will go over and summarise the high-level key points discussed during the talk and how each key point can be applied in the real world:
- What makes a WAF; a WAF
- How WAFs should be approached by red/blue teams
- The importance of remedial actions