The “Good Enough” Trap

If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe.

But attackers know exactly how your WAF works, and, more importantly, how to trick it.

We recently worked with a major enterprise customer, a global leader in healthcare technology, who experienced this firsthand. Attackers targeted their public-facing catalog API with Path Traversal and Local File Inclusion (LFI) attacks. These are standard attacks that any WAF should block. But the WAF let them through.

Why? The attackers used Double-Encoding.

The Anatomy of an Evasion

To understand why the WAF failed, we need to examine the syntax.

1. The Lock: A standard WAF looks for specific malicious characters, such as ../ (dot-dot-slash), which indicates an attacker is trying to move up a directory to access sensitive files.
2. The Trick: The attacker encodes the malicious characters using URL encoding.
   • Normal: ../
   • Single Encoded: %2e%2e%2f (Most WAFs catch this)
   • Double Encoded: %252e%252e%252f
3. The Failure: The WAF inspection engine decodes the string once. It sees %2e%2e%2f. Depending on the WAF configuration, this might appear as a harmless string of characters and therefore pass traffic.
4. The Exploit: The backend application receives the data and decodes it. If the app handles decoding recursively, it decodes the string back to ../ and then executes the command.

The Difference Context Makes

While the WAF was fooled by the syntax, the Salt Illuminate Platform was not.

Because Salt analyzes behavior and context rather than just matching signatures against a list, our platform flagged the activity immediately. We didn’t just see a web request; we saw an anomaly in the traffic pattern and payload structure that deviated from legitimate user behavior.

Turning Insight into Action

Salt didn’t just alert the customer; we gave them the blueprint to fix it.

We grouped the attack patterns to show the full scope of the campaign.

We exposed the specific double-encoded payload.

The customer used this data to create a custom WAF rule (Regex: (.*%252e%252e%252f.*)) that specifically looks for this decoding pattern.

This intelligence doesn’t live in a silo. By integrating these insights into workflows using tools such as Cloudflare, Splunk, and Wiz, organizations can close the loop between detection and prevention, operationalizing security at scale. Furthermore, by leveraging the Salt Posture Governance engine, the team moves beyond reactive blocking to proactively identify and remediate posture gaps, ensuring risk is mitigated as their API landscape expands.

The Future Threat: AI Agents

While this specific attack may have been scripted by a human, it perfectly illustrates the threat posed by Agentic AI.

AI agents can perform “logic fuzzing” at machine speed. They can autonomously test thousands of evasion techniques, such as Triple Encoding, Unicode obfuscation, or request splitting, until they find the one combination your WAF ignores.

WAFs are excellent gatekeepers, but they aren’t investigators. They stop the known, but they struggle with the hidden. To protect your API fabric from both human hackers and AI agents, you need a security layer that understands intent, not just syntax.

If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security’s research team and learn what attackers already know.

*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Eric Schwake. Read the original post at: https://salt.security/blog/why-your-waf-missed-it-the-danger-of-double-encoding-and-evasion-techniques-in-healthcare-security