A Study of Web Application Firewall Solutions

Prandl, Stefan; Lazarescu, Mihai; Pham, Duc-Son

doi:10.1007/978-3-319-26961-0_29

Stefan Prandl¹⁵,
Mihai Lazarescu¹⁵ &
Duc-Son Pham¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9478))

Included in the following conference series:

International Conference on Information Systems Security

2686 Accesses
15 Citations
3 Altmetric

Abstract

Web application firewalls (WAFs) are the primary front-end protection mechanism for Internet-based infrastructure which is constantly under attack. This paper therefore aims to provide more insights into the performance of the most popular open-source WAFs, including ModSecurity, WebKnight, and Guardian, which we hope will complement existing knowledge. The key contribution of this work is an in-depth approach for conducting such a study. Specifically, we combine three testing frameworks: the Imperva’s proprietary benchmark, a generic benchmark using both FuzzDB and Burp test-beds, and testing for common vulnerabilities and exposures (CVE) known exploits. Our experiments show that open source WAFs are not yet totally reliable for protecting web applications despite many advances in the field. ModSecurity appears to be the most balanced open-source solution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Guardian. http://guardian.jumperz.net/index.html
ModSecurity. https://www.modsecurity.org/
Web Knight. https://www.aqtronix.com/?PageID=99
Balock, R., Jaffery, T.: Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters. Technical report, Rhainfosec (2013), White Paper
Google Scholar
Bau, J., Bursztein, E., Gupta, D., Mitchell, J.: State of the art: automated black-box web application vulnerability testing. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 332–345. IEEE (2010)
Google Scholar
Becher, M.: Web Application Firewalls. VDM Verlag, Saarbrücken (2007)
Google Scholar
Bojinov, H., Bursztein, E., Boneh, D.: Xcs: cross channel scripting and its impact on web applications. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 420–431. ACM (2009)
Google Scholar
Cabrera, H., Krstic, G., Petrushevski, S.: CloudFlare vs Incapsula: Round 2. Technical report, Zero Science Lab (2013). http://zeroscience.mk/files/wafreport2013v2.pdf. Accessed 16 July 2015
Doupé, A., Cova, M., Vigna, G.: Why Johnny can’t pentest: an analysis of black-box web vulnerability scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 111–131. Springer, Heidelberg (2010)
Chapter Google Scholar
Huang, Y.W., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Securing web application code by static analysis and runtime protection. In: Proceedings of the 13th International Conference on World Wide Web, pp. 40–52. ACM (2004)
Google Scholar
Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE (2006)
Google Scholar
Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically hardening web applications using precise tainting. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Proceedings of the 20th IFIP International Information Security Conference, vol. 181, pp. 295–307. Springer, US (2005)
Google Scholar
Tibom, P.: Incapsula vs. CloudFlare: Security Review & Comparison. Technical report, Personal Review (2012). https://www.computerscience.se/downloads/Full-Review.pdf. Accessed 16 July 2015
Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A self-learning anomaly-based web application firewall. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds.) Proceedings of the Conference on Computational Intelligence in Security for Information Systems, vol. 63, pp. 85–92. Springer, Heidelberg (2009)
Chapter Google Scholar
Vernotte, A., Dadeau, F., Lebeau, F., Legeard, B., Peureux, F., Piat, F.: Efficient detection of multi-step cross-site scripting vulnerabilities. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 358–377. Springer, Heidelberg (2014)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computing, Curtin University, Perth, WA, Australia
Stefan Prandl, Mihai Lazarescu & Duc-Son Pham

Authors

Stefan Prandl
View author publications
You can also search for this author in PubMed Google Scholar
Mihai Lazarescu
View author publications
You can also search for this author in PubMed Google Scholar
Duc-Son Pham
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Duc-Son Pham .

Editor information

Editors and Affiliations

Center for Secure Information Systems, Fairfax, Virginia, USA
Sushil Jajoda
Jadavpur University, Kolkata, India
Chandan Mazumdar

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Prandl, S., Lazarescu, M., Pham, DS. (2015). A Study of Web Application Firewall Solutions. In: Jajoda, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science(), vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_29

Download citation

DOI: https://doi.org/10.1007/978-3-319-26961-0_29
Published: 31 December 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26960-3
Online ISBN: 978-3-319-26961-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics