dc.description.abstract |
As the use of Internet applications and the World Wide Web increases rapidly, many commercial, private and public sectors, such as online banking, shopping, administration and social networks, have made their services available on the Internet. The development of cloud systems and services is further accelerating this transition. However, the growing use of web services has also made them a primary target for cyber attackers. Recent studies have shown that the number of vulnerabilities reported in web services is increasing rapidly. Current statistics show that web application services are experiencing 35% more cyber attacks per minute than in 2018. It makes sense to implement layers of security to protect valuable business and consumer data, from network-level mechanisms that detect intruders at the lower level to application-level protections that understand the data and domain-specific company protocols. At the highest protection level, web application firewalls (WAFs) are an essential tool to counter web attacks, at least those listed by OWASP among the top ten web attacks, such as SQL injection, cross-site scripting or XML external entity attacks. Once installed, the web application firewall checks every request sent to the target system and determines whether it is legitimate or malicious. The web application firewall makes this decision by analyzing each element in the request and checking whether its value matches one of the web attack patterns, usually using a series of rules (e.g., regular expressions). In this research, we analyse the security of one of the well-known open source WAFs, named ModSec, against some well-known web attacks. This research focuses on two questions: Can we bypass web application firewall policies with sophisticated payloads? Can a Machine Learning (ML) based solution help us counter such web attacks if we integrate it with a traditional WAF? |
en_US |