Early web applications were a set of static web pages connected to one another. On the contrary, modern applications are full-featured programs that are nearly equivalent to desktop applications in functionality. However, web servers and web browsers, which were initially designed for static web pages, have not fully updated their protection models to deal with the security consequences of these full-featured programs. This mismatch has been the source of several security problems in web applications. This dissertation proposes a solution in these issues, regarding bypassing security mechanisms, in our case Web Application Firewalls, via command injection.