top of page

open-appsec ML-based WAF protects against modern SQLi AutoSpear evasion techniques


Modern SQLi evasion techniques evolve day by day raising the question of whether traditional WAF systems are able to move forward at this high rate. Some advanced research around the area including the AutoSpear project which was introduced at the last Black Hat summit presents a very challenging situation. Findings by researchers from China show that many WAF solutions including AWS, Fortinet, F5, CloudFlare and ModSecurity were vulnerable. open-appsec block these attacks.

Traditional SQLi evasion

SQL Injection attacks are constantly evolving, and attackers continuously develop new techniques for evading detection. Some common SQLI evasion techniques include:

Case Swapping: or 1 = 1 → oR 1 = 1

Whitespace Substitution: or 1 = 1 → \tor1\n=1

Comment Injection: or 1 = 1 → /*foo*/or 1 =/*bar*/1

Integer Encoding: or 1 = 1 → or 0x1 = 1

Operator Swapping: or 1 = 1 → or 1 like 1

While those bypasses may have worked in the past, the game has changed, and to understand advanced evasion techniques, we must take a deep dive into some defense techniques.

In order to detect and prevent SQLi attacks, modern WAFs implement two primary concepts: parsing and rule sets. The existence of rules may be obvious but parsing is not typically the first method that comes to mind in discussions of this subject.

SQLI Parsing Oriented Evasion Techniques

The main Parsing Oriented Evasion Techniques are URL encoding and base64.

The same payload of <’ or 1=1 --> in the use of those techniques could look like this:

Regular URL encoding: <%27%20or%201%3D1%20-->

All characters URL encoding: <%27%20%6f%72%20%31%3d%31%20%2d%2d>

Base64: JyBvciAxPTEgLS0=

The number of possible evasion strings for the same payload can be increased exponentially by combining the use of base64 and URL encoding in various ways one inside another.

Obviously creating several rules for the same payload wrapped around in different ways will be a mistake, which is why most of the WAFs will reclusively try to decode all the encoding until they reach the original payload that in the end will be examined with the built-in rule set.

Creating the right encoding which could break the WAF parser logic while working on the server side, will lead to a successful SQLi bypass when the full original payload would not even be seen to the rule set algorithm at all!

SQLI Rule set Oriented Evasion Techniques

Rule set Oriented Evasion Techniques contain a wider variety of methods than Parsing Oriented ones. Some examples include Case Swapping and Whitespace Substitution as demonstrated above with a number of more advanced mechanisms, such as:

DML Substitution: or 1 = 1 → || 1 = 1

Tautology Substitution: 1 = 1 → (select ord(’r’) regexp 114) = 0x1

The same as in Parsing Oriented Evasion Techniques combining some of the methods together creates an enormous number of possible payloads, billions or even more if it is done properly, brute forcing all of them can’t be a solution and a new approach is needed.

It’s very important to mention that only a clever combination of multiple evasion techniques can work. This is where some of the newest innovations in the field come into use.

Modern SQLI Evasion Techniques

Nowadays, there are many automated tools that have been developed to carry out SQL injection attacks in combination with WAF bypass techniques. The most known of them are Sqlmap and wafninja, and although those two are indeed good, they do have one issue in common - they can’t efficiently combine multiple techniques, and more importantly, they will not be able to find groundbreaking methods that will be able to create a working evasion.

At the last BlackHat summit, a new approach was presented, a project by the name of AutoSpear. The project aims to solve two main problems in the area in order to be able to find new SQLi evasions.

SQL grammar valid payload mutation was achieved by creating a Hierarchical Tree Representation of the desired payload, by doing so, it becomes possible to perform precise payload mutation. Grammar errors like Integer Encoding errors were treated. (select * from demo1 --> Select * from demo0x1)

Source: AutoSpear BlackHat Presentation, Qu, Ling et Wu

Source: AutoSpear BlackHat Presentation, Qu, Ling et Wu

The second achievement was done with the implementation of Monte-Carlo Tree Search algorithm. Without diving into the mathematical details, this algorithm is able to find the relevant leaves in the Hierarchical Tree that need to be mutated due to the cause that they are the leaves that cause the payload to be blocked.

Source: AutoSpear BlackHat Presentation, Qu, Ling et Wu

As described in the original publication:

“AutoSpear achieves high Attack success rate against all WAF-as-a-service.”

open-appsec Machine Learning WAF vs Modern SQLi Evasion Techniques

While computer computation power and the variety of encoding and evasion techniques are rising and leading to regular WAF’s rule set, and parsing system to be found vulnerable again and again, open-appsec Machine Learning WAF is analyzing the attacks from a totally different point of view – not by asking the question “Is it SQLi payload?” or “Is it XSS payload?” but by a more deep question “Is it a non-legitimate payload?

It’s clear to see that the last question is much more complicated on several levels, but with the use of ML innovation technologies, it’s possible to learn and distinguish between malicious and benign payloads even without the need to classify it into a certain type of attack. By looking at the problem from this angle, it’s possible to use knowledge from one attack type research and apply it to the improvement of detection of all the other types.

While regular WAFs will look at payloads like this and would not be able to classify them as SQLi or other types of attacks due to the implementation of evasion techniques, open-appsec is able to easily, and with great accuracy, say “NO” – this is a non-legitimate payload!


open-appsec unique machine learning is based on two models (off-line/supervised and on-line/unsupervised) sets it apart from other WAF solutions, enabling it to offer first-class security with minimal configuration or maintenance, but most importantly it can block zero day attacks with default product settings and no software updates required.

You can experiment hands-on with open-appsec in live Playgrounds here.

Video Tutorials are available here.

For an even deeper dive into the technology, refer to the White Paper Preemptive Web Application Protection using Contextual Machine Learning.


Experiment with open-appsec for Linux, Kubernetes or Kong using a free virtual lab

bottom of page