A study of web application firewall solutions
| dc.contributor.author | Prandl, S. | |
| dc.contributor.author | Lazarescu, Mihai | |
| dc.contributor.author | Pham, DucSon | |
| dc.date.accessioned | 2017-01-30T13:14:03Z | |
| dc.date.available | 2017-01-30T13:14:03Z | |
| dc.date.created | 2016-04-19T19:30:36Z | |
| dc.date.issued | 2015 | |
| dc.identifier.citation | Prandl, S. and Lazarescu, M. and Pham, D. 2015. A study of web application firewall solutions, in Proceedings of the 11th International Conference of Information Security Systems (ICISS), Dec 16-20 2015, pp. 501-510. Kolkata, India: ISS. | |
| dc.identifier.uri | http://hdl.handle.net/20.500.11937/29622 | |
| dc.identifier.doi | 10.1007/978-3-319-26961-0_29 | |
| dc.description.abstract |
Web application firewalls (WAFs) are the primary front-end protection mechanism for Internet-based infrastructure which is constantly under attack. This paper therefore aims to provide more insights into the performance of the most popular open-source WAFs, including ModSecurity, WebKnight, and Guardian, which we hope will complement existing knowledge. The key contribution of this work is an in-depth approach for conducting such a study. Specifically, we combine three testing frameworks: the Imperva’s proprietary benchmark, a generic benchmark using both FuzzDB and Burp test-beds, and testing for common vulnerabilities and exposures (CVE) known exploits. Our experiments show that open source WAFs are not yet totally reliable for protecting web applications despite many advances in the field. ModSecurity appears to be the most balanced open-source solution. | |
| dc.title | A study of web application firewall solutions | |
| dc.type | Conference Paper | |
| dcterms.source.volume | 9478 | |
| dcterms.source.startPage | 501 | |
| dcterms.source.endPage | 510 | |
| dcterms.source.title | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | |
| dcterms.source.series | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | |
| dcterms.source.isbn | 9783319269603 | |
| curtin.department | Department of Computing | |
| curtin.accessStatus | Fulltext not available |
Files in this item
| Files | Size | Format | View |
|---|---|---|---|
|
There are no files associated with this item. |
|||