Improving the quality of protection of web application firewalls by a simplified taxonomy of web attacks

Yi Han, Akihiro Sakai, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

1 Citation (Scopus)

Abstract

Nowadays, with over 70% of attacks carried out at the web application level, organizations need all the help they can get in making their systems secure. Web Application Firewalls (WAFs) are among the tools commonly used to prevent Web attacks. However, WAFs provide very little protection on their own. To become useful, they must be configured with rules. Unfortunately, the rule configuration process is difficult and error-prone, so the quality of protection (QoP) of WAFs still falls short of our expectations. In this paper, we investigate current WAFs and point out some of their problems regarding poor QoP. We then analyze the origins of these problems and propose two decision modules, the attack-decision module and the priority-decision module, based on a proposed simplified taxonomy of web attacks, which are helpful for improving the QoP of WAFs. Finally, we conclude our work and outline our future interest in extending our modules to IDS systems.

Original language: English
Title of host publication: Advances in Information Security and Its Application
Subtitle of host publication: Third International Conference, ISA 2009, Proceedings
Editors: Jong Hyuk Park, Justin Zhan, Changhoon Lee, Guilin Wang, Tai-hoon Kim, Sang-Soo Yeo
Pages: 105-110
Number of pages: 6
DOIs: https://doi.org/10.1007/978-3-642-02633-1_14
Publication status: Published - Jul 13 2009

Publication series

Name: Communications in Computer and Information Science
Volume: 36
ISSN (Print): 1865-0929

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Mathematics(all)

  • Cite this

    Han, Y., Sakai, A., Hori, Y., & Sakurai, K. (2009). Improving the quality of protection of web application firewalls by a simplified taxonomy of web attacks. In J. H. Park, J. Zhan, C. Lee, G. Wang, T. Kim, & S-S. Yeo (Eds.), Advances in Information Security and Its Application: Third International Conference, ISA 2009, Proceedings (pp. 105-110). (Communications in Computer and Information Science; Vol. 36). https://doi.org/10.1007/978-3-642-02633-1_14