top of page

open-appsec / CloudGuard AppSec is the only product known to pre-emptively block Claroty WAF bypass

Claroty Team82 has developed a generic bypass for industry-leading web application firewalls (WAF). The bypass technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. It is explained in a detailed blog that was published on December 8th, 2022.

As part of a responsible disclosure process for vulnerabilities, Claroty approached our team with findings of the new bypass technique. Looking at the attack payloads we thought that open-appsec/CloudGuard AppSec ML-engine would block the attack based on the vast training data we use. To validate, we tested it on the same day and indeed it blocked the attack pre-emptively! We sent the product logs to the Claroty team and they confirmed “Thanks for the update. Kudos to the AppSec Team”.

You can read more about the WAF bypass technique in Claroty’s detailed blog. It explains the details of this new bypass vector and how they found that AWS WAF as well as other major WAFs were vulnerable to it:

Source: Claroty Team82 Blog

See below an explanation as to why open-appsec/CloudGuard AppSec is once again pre-emptive to a zero day attacks using product defaults and with no software updates. This was proven several times in the last year for the well-known Log4Shell, Spring4Shell and Text4Shell zero day attacks.

Attack Details

SQL Injection is one of the most well-known attack vectors and has been part of OWASP-Top-10 list for years. As such all WAF solutions are able to detect it. The innovation in Claroty’s bypass involved adding JSON to SQL syntax which rendered most WAFs blind to the attacks.

JSON in SQL has been supported by leading databases for many years, including Microsoft SQL Server, MySQL, SQLite, PostgresSQL and others.

Claroty team was able to craft expressions that allowed to get a true statements in SQL:

Source: Claroty Team82 Blog

They found that operands used in these queries render major WAF solutions blind to the SQL injection. At this time the five vendors fixed their code, but Claroty believes that other vendors may be vulnerable as well.

Machine Learning-based Zero-Day Protection

open-appsec/CloudGuard Appsec uses contextual ML-based analysis to learn how users normally interact with your web application. It then uses this information to automatically detect requests that fall outside of normal operations, and sends those requests for further analysis to decide whether the request is malicious or not. This pre-emptive model simplifies maintenance, removes the risk of a vulnerability window, and eliminates the need for rushed patching activities.

The open-appsec/CloudGuard AppSec engine is powered by two different machine learning (ML) models:

  • A supervised model that was trained offline and fed with millions of requests, both malicious and benign

  • An unsupervised online model that is being built in real time in the protected environment. The online model is updated constantly based on inbound network traffic

Every request to your application goes through three phases:

  • First, the payload is decoded. All HTTP requests are parsed, JSON and XML sections are extracted, and any IP-level access control is applied.

  • Second, a multitude of variables are fed to the machine learning engine. These variables, which are either directly extracted from the HTTP request or decoded from different parts of the payload, include attack indicators, IP addresses, user agents, fingerprints, and many other considerations. The supervised model of the machine learning engine uses these variables to compare the request with many common attack patterns found across the globe.

  • If the request is identified as a valid and legitimate request, the request is allowed, and forwarded to your application. If, however, the request is considered suspicious or high risk, it then gets evaluated by the unsupervised model, which was trained in your specific environment. This model uses information such as the URL and the users involved to create a final confidence score that determines whether the request should be allowed or blocked.

The Claroty WAF bypass include various unusual operands that allowed the open-appsec/CloudGuard AppSec off-line/supervised machine learning model to suspect that it includes both, Evasions and even specifically SQL Injection and block it.

You can see below one of the example logs:

Event Name:
Web Request
Event Reference ID:
Event Severity:
Event Confidence:
Very High
Event Level:
Agent UUID:
Practice Type:
Threat Prevention
Practice SubType:
Web Application
Source Identifier:
HTTP Host:
HTTP Method:
HTTP Request Headers:
accept: image/avif
*/*;q=0.8; accept-encoding: gzip
br; accept-language: en-US
en;q=0.9; host:; referer:; sec-ch-ua: " Not A;Brand";v="99"
"Google Chrome";v="99"; sec-ch-ua-mobile: ?0; sec-ch-ua-platform: "Windows"; sec-fetch-dest: image; sec-fetch-mode: no-cors; sec-fetch-site: same-origin; user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML
like Gecko) Chrome/99.0.4844.74 Safari/537.36
Threat Prevention
AppSec Incident Type:
Evasion Techniques, LDAP Injection, Remote Code Execution, SQL Injection
AppSec User Reputation:
Matched Location:
referer parameter
Matched Parameter:
Matched Sample:
' or json_extract('{"id": 14, "name": "aztalan"}',
'$.name') = 'aztalan'


Preemptive protection against cyber attacks is critical because vulnerabilities may have been known by bad actors before publication and because it naturally takes time for everyone to fix them, also known as “vulnerability window”. These windows can sometimes be as long as months and years.

open-appsec/CloudGuard AppSec’s unique machine learning which is based on two models (off-line/supervised and on-line/unsupervised) sets it apart from other WAF solutions, enabling it to offer first-class security with minimal configuration or maintenance, but most importantly once and again it proves to be pre-emptive, that means blocking zero day attacks with default product settings and no software updates required.

This was proven several times in the last year for the well-known Log4Shell, Spring4Shell and Text4Shell zero day attacks and now also with Claroty's WAF bypass.

You can experiment hands-on with open-appsec in live playgrounds here. Video tutorials are available here. For even deeper dive into the technology refer to the white paper Preemptive Web Application Protection using Contextual Machine Learning.


Experiment with open-appsec for Linux, Kubernetes or Kong using a free virtual lab

bottom of page