Abstract:
Web application security has become critically important. Traditionally, the "default allow"
model has been used to secure web applications, but this approach has exposed them to a
plethora of attacks. The default deny model, on the other hand, provides more restrictive
security. This approach depends on building a model of the application and then allowing only
those requests that comply with the model, ignoring everything else. An innovative and
effective methodology is adopted that analyzes valid application requests and, as a result,
generates semi-structured XML cases for the web application. Moreover, learning techniques are
adopted, resulting in more mature and robust generated XML cases. This positive security model,
named Web Application Model Generator (WAMG), consists of three components: (1) Automatic
White List Cases Generation Module, (2) Resource Tree Generator and (3) Case Based Reasoning.
WAMG needs to be described using a standardized XML language. The format should be able to
describe all three components of the positive security model accurately. We build this model
through analysis of valid traffic logs in offline mode. The model is represented in the form of
XML-based cases. The system will be evaluated on whether the XML file containing the cases is
generated correctly according to the XML format. Moreover, it is ensured that malicious and
non-malicious traffic are separated successfully. Results prove the effectiveness of its rule
generation using access traffic logs of cross-site scripting (XSS), SQL injection, JS Charcode,
HTTP request splitting, HTTP response splitting and buffer overflow attacks.
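
The sketch below illustrates the default deny idea described in the abstract: learn white-list cases from valid traffic offline, serialize them as XML, then reject any request no case covers. It is an added example, not the WAMG implementation; the XML element and attribute names, the three value types and the log lines are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Assumed value types, narrowest first: int < word < text.
TYPES = [("int", r"\d+"), ("word", r"\w+"), ("text", r"[\w .,-]+")]
# Constructed sample of known-valid request lines.
VALID_LOG = ["GET /shop/item?id=17&lang=en", "GET /shop/item?id=204&lang=de",
             "GET /shop/search?q=red+shoes", "POST /account/login"]

def parse(line):
    method, target = line.split(" ", 1)
    url = urlsplit(target)
    return method, url.path, parse_qsl(url.query, keep_blank_values=True)

def learn(valid_lines):
    """Model: {(method, path): {param: [type_index, max_len]}}."""
    model = {}
    for line in valid_lines:
        method, path, params = parse(line)
        case = model.setdefault((method, path), {})
        for name, value in params:
            # Narrowest matching type; valid traffic must match one.
            t = next(i for i, (_, rx) in enumerate(TYPES) if re.fullmatch(rx, value))
            seen = case.setdefault(name, [t, len(value)])
            seen[0], seen[1] = max(seen[0], t), max(seen[1], len(value))
    return model

def to_xml(model):
    root = ET.Element("cases")
    for (method, path), params in sorted(model.items()):
        case = ET.SubElement(root, "case", method=method, path=path)
        for name, (t, n) in sorted(params.items()):
            ET.SubElement(case, "param", name=name, type=TYPES[t][0], maxlen=str(n))
    return ET.tostring(root, encoding="unicode")

def allowed(model, line):
    """Default deny: anything not covered by a learned case is rejected."""
    method, path, params = parse(line)
    case = model.get((method, path))
    if case is None:
        return False
    for name, value in params:
        t, n = case.get(name, (None, 0))
        if t is None or len(value) > n or not re.fullmatch(TYPES[t][1], value):
            return False
    return True
```

With so few training lines the learned length bounds are tight (for example, `id` is limited to three digits), which is why the quality of the valid traffic log determines how many legitimate requests the model rejects.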