Toward an SDN-Based Web Application Firewall: Defending against SQL Injection Attacks
نویسندگان
چکیده
Web attacks pose a significant threat to enterprises, as attackers often target web applications first. Various solutions have been proposed mitigate and reduce the severity of these threats, such application firewalls (WAFs). On other hand, software-defined networking (SDN) technology has significantly improved network management operation by providing centralized control for administrators. In this work, we investigated possibility using SDN implement firewall capable detecting blocking attacks. As proof concept, designed implemented WAF detect known attack, specifically SQL injection. Our design utilized two detection methods: signatures regular expressions. The experimental results demonstrate that controller can successfully function injection Furthermore, compared ModSecurity, traditional WAF, with our SDN-based WAF. reveal system is more efficient in terms TCP ACK latency, while ModSecurity exhibits slightly lower overhead on controller.
منابع مشابه
Artificial Neural Network based Web Application Firewall for SQL Injection
In recent years with the rapid development of Internet and the Web, more and more web applications have been deployed in many fields and organizations such as finance, military, and government. Together with that, hackers have found more subtle ways to attack web applications. According to international statistics, SQL Injection is one of the most popular vulnerabilities of web applications. Th...
متن کاملDefending Against XML-Based Attacks Using State-Based XML Firewall
With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented ...
متن کاملProtecting Database Centric Web Services against SQL/XPath Injection Attacks
Web services represent a powerful interface for backend database systems and are increasingly being used in business critical applications. How ever, field studies show that a large number of web services are deployed with security flaws (e.g., having SQL Injection vulnerabilities). Although several techniques for the identification of security vulnerabilities have been propos...
متن کاملUser Authentication Method against SQL Injection Attacks
The Internet and web applications are playing very important role in our today’s modern day life. Most of the web applications use the database as a back end to store critical information. SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. De...
متن کاملDefending Against the Wily Surfer-Web-based Attacks and Defenses
Intrusions are often viewed as catastrophic events which destroy systems, wreak havoc on data through corruption or substitution, yield access to closely guarded sensitive information, or provide a springboard for hackers to attack other systems. Yet not all intrusions on the Web are the blatant, smash-and-grab, trash-the-site kind of attacks. Many attacks are more subtle, and some involve what...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Future Internet
سال: 2023
ISSN: ['1999-5903']
DOI: https://doi.org/10.3390/fi15050170