Team82 Research {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF Executive SummaryTeam82 has developed a generic bypass of industry-leading web application firewalls (WAF). The attack technique involves appending JSON syntax to SQL injection payloads that a WAF is unable to parse. Major WAF vendors lacked JSON support in their products, despite it being supported by most database engine