"The web application firewall (WAF) successfully blocked multiple automated SQL injection attempts, demonstrating effective defense-in-depth for standard attack patterns. However, the WAF was bypassed using manual testing techniques (see F-001)." - "Multi-factor authentication was correctly implemen