Portal de Periódicos da CAPES

A Study of Web Application Firewall Solutions

2015; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-319-26961-0_29

1611-3349

Stefan Prandl, Mihai Lazarescu, Duc-Son Pham,

Security and Verification in Computing

Web application firewalls (WAFs) are the primary front-end protection mechanism for Internet-based infrastructure which is constantly under attack. This paper therefore aims to provide more insights into the performance of the most popular open-source WAFs, including ModSecurity, WebKnight, and Guardian, which we hope will complement existing knowledge. The key contribution of this work is an in-depth approach for conducting such a study. Specifically, we combine three testing frameworks: the Imperva’s proprietary benchmark, a generic benchmark using both FuzzDB and Burp test-beds, and testing for common vulnerabilities and exposures (CVE) known exploits. Our experiments show that open source WAFs are not yet totally reliable for protecting web applications despite many advances in the field. ModSecurity appears to be the most balanced open-source solution.