• Add more tamper scripts (e.g. ability to test for addslahes bypasses using big5 or GBK characters).
• Suggest tamper scripts in due course following fingerprint of technology, back-end DBMS, etc.

References:

• http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html
• http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
• http://www.f5.com/pdf/white-papers/sql-injection-detection-wp.pdf
• http://www.www.packetstormsecurity.org/papers/bypass/SQL_Injection_Evasion.pdf
• https://docs.google.com/Doc?docid=0AZNlBave77hiZGNjanptbV84Z25yaHJmMjk&hl=en
• http://websec.wordpress.com/
• https://www.trustwave.com/spiderlabs/advisories/TWSL2011-006.txt
• http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
• http://websec.wordpress.com/2010/05/07/exploiting-hard-filtered-sql-injections-2-conditional-errors/
• http://websec.wordpress.com/2010/05/26/exploiting-hard-filtered-sql-injections-3/
• http://blog.spiderlabs.com/2011/06/announcing-the-modsecurity-sql-injection-challenge.html
• http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
• http://websec.files.wordpress.com/2010/11/sqli2.pdf
• http://twitter.com/#!/lightos
• http://sla.ckers.org/forum/read.php?12,30425
• http://www.ptsecurity.com/download/PT-devteev-CC-WAF-ENG.pdf
• http://lavakumar.com/Split_and_Join.pdf # --hpp
• http://www.lavakumar.com/modsecurity_hpp.txt # --hpp
• http://ptresearch.blogspot.com/search/label/waf
• http://sla.ckers.org/forum/read.php?16,36514,36514#msg-36514
• http://sla.ckers.org/forum/read.php?16,20156,20179#msg-20179