Evasive techniques

When security controls are in place, such as a WAF that scans requests for common attacks, input validation that restricts the type of input, or a rate limit that restricts how many requests can be sent, the following techniques are used to trick the API:

  1. Add string terminators to attacks

  2. Add case switching to attacks

  3. Encode payloads

  4. Combine different evasion techniques

  5. Rinse and repeat

  6. Apply evasive techniques to all attacks
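From the defending side, string terminators, case switching, encoding and their combinations are countered by canonicalizing each parameter before it is inspected. The following is an added example, not part of the original page: the function names, the two-pattern denylist and the decode-round limit are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: upper bound on nested encoding layers

# Constructed sample denylist; a production rule set would be far larger.
SUSPICIOUS = re.compile(r"union\s+select|<script")

# String terminators (NUL) and other non-printing control characters.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def canonicalize(value: str):
    """Return (canonical_text, findings) for one request parameter."""
    findings = []
    rounds = 0
    # Percent-decode repeatedly until the value stops changing, so that
    # double- or triple-encoded input is inspected in its final form.
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    if rounds > 1:
        findings.append("multi-layer-encoding")
    if unquote(value) != value:
        # Still decodable after the limit: treat as hostile, do not guess.
        findings.append("decode-limit-reached")
    if CONTROL_CHARS.search(value):
        findings.append("control-character")
        value = CONTROL_CHARS.sub("", value)
    # Case folding defeats case switching before the pattern match.
    return value.casefold(), findings


def inspect_param(value: str):
    """Canonicalize first, then match; return the list of findings."""
    canonical, findings = canonicalize(value)
    if SUSPICIOUS.search(canonical):
        findings.append("denylist-match")
    return findings
```

The findings for encoding depth and control characters are useful detection signals on their own, since ordinary clients rarely send either.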


Last update: 2025-05-12 14:16