Show simple item record

dc.contributor.author: Prandl, S.
dc.contributor.author: Lazarescu, Mihai
dc.contributor.author: Pham, DucSon
dc.date.accessioned: 2017-01-30T13:14:03Z
dc.date.available: 2017-01-30T13:14:03Z
dc.date.created: 2016-04-19T19:30:36Z
dc.date.issued: 2015
dc.identifier.citation: Prandl, S. and Lazarescu, M. and Pham, D. 2015. A study of web application firewall solutions, in Proceedings of the 11th International Conference of Information Security Systems (ICISS), Dec 16-20 2015, pp. 501-510. Kolkata, India: ISS.
dc.identifier.uri: http://hdl.handle.net/20.500.11937/29622
dc.identifier.doi: 10.1007/978-3-319-26961-0_29
dc.description.abstract:

Web application firewalls (WAFs) are the primary front-end protection mechanism for Internet-based infrastructure, which is constantly under attack. This paper therefore aims to provide more insights into the performance of the most popular open-source WAFs, including ModSecurity, WebKnight, and Guardian, which we hope will complement existing knowledge. The key contribution of this work is an in-depth approach for conducting such a study. Specifically, we combine three testing frameworks: Imperva's proprietary benchmark, a generic benchmark using both FuzzDB and Burp test-beds, and testing for known common vulnerabilities and exposures (CVE) exploits. Our experiments show that open-source WAFs are not yet totally reliable for protecting web applications despite many advances in the field. ModSecurity appears to be the most balanced open-source solution.

dc.title: A study of web application firewall solutions
dc.type: Conference Paper
dcterms.source.volume: 9478
dcterms.source.startPage: 501
dcterms.source.endPage: 510
dcterms.source.title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
dcterms.source.series: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
dcterms.source.isbn: 9783319269603
curtin.department: Department of Computing
curtin.accessStatus: Fulltext not available


Files in this item

There are no files associated with this item.
