Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Check Point CloudGuard AppSec is the only product known to pre-emptively block Claroty WAF bypass

December 2022 by Oded Gonda, VP Technology and Innovation, Check Point

Claroty Team82 has developed a generic bypass for industry-leading web application firewalls (WAF). The bypass technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. It is explained in a detailed blog that was published on December 8th, 2022.

As part of a responsible disclosure process for vulnerabilities, Claroty approached our team with findings of the new bypass technique. Looking at the attack payloads, we thought that CloudGuard AppSec/open-appsec ML-engine would block the attack based on the vast training data we use. To validate, we tested it on the same day and indeed, it blocked the attack pre-emptively! We sent the product logs to the Claroty team and they confirmed, “Thanks for the update. Kudos to the AppSec Team”.

You can read more about the WAF bypass technique in Claroty’s detailed blog. It explains the details of this new bypass vector and how they found that AWS WAF as well as other major WAFs were vulnerable to it:

See below an explanation as to why CloudGuard AppSec/open-appsec is once again pre-emptive to a zero day attacks using product defaults and with no software updates. This has been proven several times in the last year for the well-known Log4Shell, Spring4Shell and Text4Shell zero day attacks.

Attack Details

SQL Injection is one of the most well-known attack vectors and has been part of OWASP-Top-10 list for years. As such all WAF solutions are able to detect it. The innovation in Claroty’s bypass involved adding JSON to SQL syntax, which rendered most WAFs blind to the attacks.

JSON in SQL has been supported by leading databases for many years, including Microsoft SQL Server, MySQL, SQLite, PostgresSQL and others.

Claroty team was able to craft expressions that allowed to get a true statements in SQL:

They found that operands used in these queries render major WAF solutions blind to the SQL injection. At this time, the five vendors fixed their code, but Claroty believes that other vendors may be vulnerable as well.

Machine Learning-based Zero-Day Protection

CloudGuard Appsec/open-appsec uses contextual ML-based analysis to learn how users normally interact with your web application. It then uses this information to automatically detect requests that fall outside of normal operations, and sends those requests for further analysis to decide whether the request is malicious or not. This pre-emptive model simplifies maintenance, removes the risk of a vulnerability window, and eliminates the need for rushed patching activities.

The CloudGuard AppSec/open-appsec engine is powered by two different machine learning (ML) models:

A supervised model that was trained offline and fed with millions of requests, both malicious and benign
An unsupervised online model that is built in real time in the protected environment. The online model is updated constantly based on inbound network traffic

Every request to your application goes through three phases:

First, the payload is decoded. All HTTP requests are parsed, JSON and XML sections are extracted, and any IP-level access control is applied.
Second, a multitude of variables are fed to the machine learning engine. These variables, which are either directly extracted from the HTTP request or decoded from different parts of the payload, include attack indicators, IP addresses, user agents, fingerprints, and many other considerations. The supervised model of the machine learning engine uses these variables to compare the request with many common attack patterns found across the globe.
If the request is identified as a valid and legitimate request, the request is allowed, and forwarded to your application. If, however, the request is considered suspicious or high risk, it then is evaluated by the unsupervised model, which was trained in your specific environment. This model uses information such as the URL and the users involved to create a final confidence score that determines whether the request should be allowed or blocked.

The Claroty WAF bypass include various unusual operands that allowed the CloudGuard AppSec/open-appsec off-line/supervised machine learning model to suspect that it includes both, Evasions and even specifically SQL Injection and block it.

You can see below one of the example logs:


Event Name:

Web Request

Event Reference ID:


Event Severity:


Event Confidence:

Very High

Event Level:


Agent UUID:


Practice Type:

Threat Prevention

Practice SubType:

Web Application


Source Identifier:

HTTP Host:

HTTP Method:




HTTP Request Headers:

accept: image/avif





*/*;q=0.8; accept-encoding: gzip


br; accept-language: en-US

en;q=0.9; host:; referer:; sec-ch-ua: " Not A;Brand";v="99"


"Google Chrome";v="99"; sec-ch-ua-mobile: ?0; sec-ch-ua-platform: "Windows"; sec-fetch-dest: image; sec-fetch-mode: no-cors; sec-fetch-site: same-origin; user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML

like Gecko) Chrome/99.0.4844.74 Safari/537.36

Threat Prevention

AppSec Incident Type:

Evasion Techniques, LDAP Injection, Remote Code Execution, SQL Injection

AppSec User Reputation:


Matched Location:

referer parameter

Matched Parameter:


Matched Sample:

’ or json_extract(’"id": 14, "name": "aztalan"’,

’$.name’) = ’aztalan’


Preemptive protection against cyber attacks is critical because vulnerabilities may have been known by bad actors before publication and because it naturally takes time for everyone to fix them, also known as “vulnerability window”. These windows can sometimes be as long as months and years.

CloudGuard AppSec/open-appsec’s unique machine learning which is based on two models (off-line/supervised and on-line/unsupervised) sets it apart from other WAF solutions, enabling it to offer first-class security with minimal configuration or maintenance, but most importantly once and again it proves to be pre-emptive, that means blocking zero day attacks with default product settings and no software updates required.

This was proven several times in the last year for the well-known Log4Shell, Spring4Shell and Text4Shell zero day attacks and now also with Claroty’s WAF bypass.

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts