Moving Towards Positive Security Model For Web Application Firewall
Abstract
The proliferation of web applications and the pervasiveness of mobile technology make web-based attacks even more attractive and even easier to launch. A Web Application Firewall (WAF) is an intermediate tool between the web server and users that provides comprehensive protection for web applications. WAF is a negative security model where the detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. However, WAF alone is not adequate to offer the best defensive system against web vulnerabilities that are increasing in number and complexity daily. This paper presents a methodology to automatically design a positive security based model which identifies and allows only legitimate web queries. The paper shows that a true positive rate of more than 90% can be achieved.
Keywords: Intrusion Detection System, Positive Security Model, Web Application Firewall
Similar resources
Web Application Firewall
Today applications are becoming the prime target for cyber attacks. A recent research showed that approximately 70% of all successful web attacks exploit application vulnerabilities and there is no shortage of vulnerabilities to go after, all of them require some skill to exploit. While traditional firewalls have blocked packets effectively at the network layer, they are ineffective against att...
A petri net based XML firewall security model for web services invocation
An XML firewall differs from a conventional firewall because its major task is to control access to web services rather than to filter untrusted addresses. An XML firewall can effectively protect web services from being attacked by inspecting a complete XML message including its head and data segments, and rejecting unauthorized web services invocation. In this paper, we propose a formal XML fi...
Testing for Tautology based SQL Injection Attack using Runtime Monitors
Today, all commercial and business applications (e-commerce, banking, blogs, web mail, etc.) are built as web-based database applications. Increasing prominence and usage of these applications has made them more susceptible to attacks because they store huge amount of sensitive user information. Traditional security mechanisms like network firewalls, intrusion detection systems, and use of encry...
Web Application Firewalls: Application Protection and Much More
EXECUTIVE SUMMARY The Web Application Firewall market as it existed several years ago has disappeared. The Web Application Firewall of yesterday has been superseded by a new generation of Web Application Firewall that not only delivers enhanced security features, but also provides more sophisticated features to appeal to large enterprises. Advanced security features include learning modes, cust...
Towards automated web application logic reconstruction for application level security
Modern overlay security mechanisms like Web Application Firewalls (WAF) suffer from inability to recognize custom high-level application logic and data objects, which results in low accuracy, high false positives rates, and overwhelming manual effort for fine tuning. In this paper we propose an approach to web application modeling for security purposes that could help next-generation WAFs to ada...
Publication date: 2013