Update WAF Bypass.md

WAF Bypass.md

@@ -25,7 +25,7 @@ To identify WAFs, we need to (dummy) provoke it.
 | ASP.NET Generic | &bull; **Detectability:** Easy<br> &bull; **Detection:** Response headers may contain `X-ASPNET-Version` header value.<br> **Blocked response page content may contain:** <br>&bull;`This generic 403 error means that the authenticated user is not authorized to use the requested resource.`<br> &bull;`Error Code 0x00000000<` keyword. |
 | BIG-IP ASM | &bull; **Detectability:** Moderate<br> &bull; **Detection:** <br> Response headers may contain `BigIP` or `F5` keyword value. <br> Response header fields may contain `X-WA-Info` header. <br> Response headers might have jumbled `X-Cnection` field value. | 
 | Cloudflare | &bull; **Detectability:** Easy<br> &bull; **Detection:** <br> Response headers might have `cf-ray` field value.<br> `Server` header field has value `cloudflare`.<br> `Set-Cookie` response headers have `__cfuid=` cookie field.<br> Page content might have `Attention Required!` or `Cloudflare Ray ID:`.<br> Page content may contain `DDoS protection by Cloudflareas` text.<br> You may encounter `CLOUDFLARE_ERROR_500S_BOX` upon hitting invalid URLs. |
-| FortiWeb | &bull; **Detectability:** Moderate <br> &bull; **Detection:** <br> Response headers contain `FORTIWAFSID=` on malicious requests. <br> **Blocked response page contains:** <br> Reference to `.fgd_icon` image icon. <br> `Server Unavailable!` as heading. <br> `Server unavailable. Please visit later.` as text.|
+| FortiWeb | &bull; **Detectability:** Moderate <br> &bull; **Detection:** <br> Response headers contain `FORTIWAFSID=` on malicious requests. <br> Response headers contain cookei name `cookiesession1=` <br>**Blocked response page contains:** <br> Reference to `.fgd_icon` image icon. <br> `Server Unavailable!` as heading. <br> `Server unavailable. Please visit later.` as text.|