This presentation we showed how security products fail to protect or detect against some type of flaws. Products includes web scanners , log analysis, ids, waf as Snort, OSSEC, Qualys, Acunetix, W3AF and so on. Problems aren't related only with those tools, we just use them to create our PoCs. Possible problems could be a Compliance bypass creating reports "without" SQLi for example.