Learning Web Application Firewall - Benefits and Caveats
نویسندگان
چکیده
The paper discusses selected issues related to the implementation and deployment of the Web Application Firewall that protects the target application by verifying the incoming requests and their parameters through matching them against recorded usage patterns. These patterns in turn are learned from the traffic generated by the users of the application. Since many web applications, including these operated by the government are prone to exploits, there is a need to introduce new, easily implementable methods of protection to prevent unauthorized access to sensitive data. A Learning Web Application Firewall offers a flexible, application-tailored, yet easy to deploy solution. There are certain concerns, however, regarding the classification of data that is used for the learning process which can, in certain cases, impair the firewall ability to classify traffic correctly. These concerns are discussed on the basis of reference implementation prepared by the authors.
منابع مشابه
Web Application Firewall
Today applications are becoming the prime target for cyber attacks. A recent research showed that approximately 70% of all successful web attacks exploit application vulnerabilities and there is no shortage of vulnerabilities to go after, all of them require some skill to exploit. While traditional firewalls have blocked packets effectively at the network layer, they are ineffective against att...
متن کاملMachine learning-assisted virtual patching of web applications
Web applications are permanently being exposed to attacks that exploit their vulnerabilities. In this work we investigate the application of machine learning techniques to leverage Web Application Firewall (WAF), a technology that is used to detect and prevent attacks. We propose a combined approach of machine learning models, based on one-class classification and ngram analysis, to enhance the...
متن کاملWeb Application Firewalls: Application Protection and Much More
EXECUTIVE SUMMARY The Web Application Firewall market as it existed several years ago has disappeared. The Web Application Firewall of yesterday has been superseded by a new generation of Web Application Firewall that not only delivers enhanced security features, but also provides more sophisticated features to appeal to large enterprises. Advanced security features include learning modes, cust...
متن کاملA Comparison of ESLE Web-based English Vocabulary Learning Application with Traditional Desktop English Vocabulary Learning Application: Exceptional learner parents’ point of view
The aim of this study was to compare the Exceptional Student Learning English (ESLE) web application and traditional application and the evaluation of the ESLE app mainly from the exceptional student parents' perspective. To this end, five exceptional student parents with their exceptional children were selected among 30 parents in Isfahan in Isfahan province. Open-ended questionnaires were sen...
متن کاملThe role of XML Firewalls for Web services
This paper explores the benefits of using XML Firewalls, also known as XML Proxies or SOAP Gateways, in order to secure Web services. First the commonly known threats of Web services will be discussed, followed by several techniques to prevent these threats. One of these methods is the use of firewalls which will be covered more extensively. Next the added value of XML Firewalls, a specialized ...
متن کامل