Ah-ha, we like this much. sqlmap, which is an incredibly popular tool that automates the process of detecting and exploiting SQL injection flaws, is now able to identify applications and API protected by Wallarm.
When WAF is detected, sqlmap even proposes to activate tamper scripts and try to bypass security checks. But as Wallarm doesn’t use regular expressions for attack detection and more relies on statistical profiles, it won’t help, sorry 🙂
Thanks @stamparm. Appreciate this much!