Automated Testing of Web Application Firewalls
Document type: Reports : Other
Discipline: Engineering, computing & technology : Computer science
Research unit: Security, Reliability and Trust
Authors:
Appelt, Dennis (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SNT))
Nguyen, Duy Cu (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SNT))
Briand, Lionel (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SNT))
Keywords (en): Security Testing; Reliability; Web Application Firewalls
Abstract (en): Web application firewalls (WAFs) are an indispensable mechanism for protecting online systems from attacks. However, the fast pace at which new kinds of attacks appear and their increasing sophistication require WAFs to be updated and tested regularly, as otherwise they will be circumvented. In this paper, we focus our research on WAFs and SQL injection attacks, but the general principles and strategy could be adapted to other contexts. We present a machine learning-driven testing approach to automatically detect holes in WAFs that let SQL injection attacks bypass them. Initially, the approach automatically generates diverse attacks (tests) and submits them to a system that is protected by a WAF. Incrementally learning from the tests that are blocked or accepted by the WAF, the approach then selects tests that exhibit characteristics associated with bypassing the WAF and mutates them to efficiently generate new bypassing attacks. In the race against cyberattacks, time is vital: being able to learn and anticipate more attacks that can circumvent a WAF in a timely manner is very important in order to quickly fix or fine-tune protection rules. We developed a tool that implements the approach and evaluated it on ModSecurity, a widely used WAF, and on a proprietary WAF that protects a financial institution. Evaluation results indicate that our proposed technique is efficient at generating SQL injection attacks that can bypass a WAF and can be used to identify successful attack patterns.
Affiliations: University of Luxembourg: High Performance Computing (ULHPC); Interdisciplinary Centre for Security, Reliability and Trust
Funder: Fonds National de la Recherche (FnR)
Target audience: Researchers; Professionals; Students
Funding project: FnR; FNR4800382; Dennis Appelt; Black-Box Security Testing for Web Applications and Services; 01/10/2012 to 30/06/2016; 2012

Fulltext file: report.pdf (author preprint, 1.48 MB, limited access)