Web-security

Published on
March 27, 2026
Bypassing WAF Method Blocks with X-HTTP-Method-Override
Cyber-Security Bug-Bounty WAF-Bypass Web-Security
How an OPTIONS request with x-http-method-override can bypass blocked GET/POST methods, and how defenders can shut it down
Published on
March 23, 2026
Bypassing Imperva Incapsula WAF with a Cookie Jar Overflow
Cyber-Security Bug-Bounty WAF-Bypass Web-Security
How a cookie jar overflow attack allowed me to completely bypass Imperva Incapsula's reese84 token validation

Bypassing WAF Method Blocks with X-HTTP-Method-Override