ПРИМЕНА MODSECURITY WAF-A У ЗАШТИТИ ВЕБ АПЛИКАЦИЈА
Ključne reči:
ModSecurity, Web Application Firewall, веб апликације
Apstrakt
У овом раду описан је ModSecurity WAF, приказан је формат правила на која се ослања и које конфигурационе директиве подржава. Затим је на примеру једне веб апликације приказано како може да се употреби и какав утицај његова примена има на перформансе апликације.
Reference
[1] Victor Clincy, Hossain Shahriar, „Web Application Firewall: Network Security Models and Configuration“, 42nd IEEE International Conference on Computer Software & Applications, 2018
[2] Abdul Razzaq, Ali Hur, Sidra Shahbaz, Muddassar Masood, H Farooq Ahmad, „Critical analysis on web application firewall solutions“, IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS), 2013.
[3] Web application firewall, https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/
[4] Lakhno, V., A. Blozva, D. Kasatkin, V. Chubaievskyi, Y. Shestak, D. Tyshchenko, R. Brzhanov. "Experimental studies of the features of using waf to protect internal services in the zero trust structure." Journal of Theoretical and Applied Information Technology 100, no. 3 (2022).
[5] Khandelwal, Shashank, Parthiv Shah, Mr Kaushal Bhavsar, and Dr Savita Gandhi. "Frontline techniques to prevent web application vulnerability." Int. J. Advanced Research in Comput. Sci. Electron. Eng 2, no. 2 (2013): 208.
[6] Mac, Hieu, Dung Truong, Lam Nguyen, Hoa Nguyen, Hai Anh Tran, Duc Tran. "Detecting attacks on web applications using autoencoder." In Proceedings of the ninth international symposium on information and communication technology, pp. 416-421., 2018
[7]ModSecurity, https://en.wikipedia.org/wiki/ModSecurity
[8] Modsecurity-apache, SpiderLabs, https://github.com/SpiderLabs/ModSecurity-apache
[9] Orlando, Kyle Richard. "Automating Virtual Patching via Application Security Testing Tools." Master's thesis, NTNU, 2021
[10] ModSecurity-apache, https://tahir.pro/ModSecurity-apache/
[11] Jeichande, Dauto Ussene. "Redundant firewalls for web applications." PhD diss., 2016
[12] Ahmad, Ali, Zahid Anwar, Ali Hur, Hafiz Farooq Ahmad. "Formal reasoning of web application Firewall rules through ontological modeling." In 2012 15th International Multitopic Conference (INMIC), pp. 230-237. IEEE, 2012.
[13] Ashlam, Ahmed Abadulla, Atta Badii, and Frederic Stahl. "A Novel Approach Exploiting Machine Learning to Detect SQLi Attacks." In 2022 5th International Conference on Advanced Systems and Emergent Technologies (IC_ASET), pp. 513-517. IEEE, 2022
[2] Abdul Razzaq, Ali Hur, Sidra Shahbaz, Muddassar Masood, H Farooq Ahmad, „Critical analysis on web application firewall solutions“, IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS), 2013.
[3] Web application firewall, https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/
[4] Lakhno, V., A. Blozva, D. Kasatkin, V. Chubaievskyi, Y. Shestak, D. Tyshchenko, R. Brzhanov. "Experimental studies of the features of using waf to protect internal services in the zero trust structure." Journal of Theoretical and Applied Information Technology 100, no. 3 (2022).
[5] Khandelwal, Shashank, Parthiv Shah, Mr Kaushal Bhavsar, and Dr Savita Gandhi. "Frontline techniques to prevent web application vulnerability." Int. J. Advanced Research in Comput. Sci. Electron. Eng 2, no. 2 (2013): 208.
[6] Mac, Hieu, Dung Truong, Lam Nguyen, Hoa Nguyen, Hai Anh Tran, Duc Tran. "Detecting attacks on web applications using autoencoder." In Proceedings of the ninth international symposium on information and communication technology, pp. 416-421., 2018
[7]ModSecurity, https://en.wikipedia.org/wiki/ModSecurity
[8] Modsecurity-apache, SpiderLabs, https://github.com/SpiderLabs/ModSecurity-apache
[9] Orlando, Kyle Richard. "Automating Virtual Patching via Application Security Testing Tools." Master's thesis, NTNU, 2021
[10] ModSecurity-apache, https://tahir.pro/ModSecurity-apache/
[11] Jeichande, Dauto Ussene. "Redundant firewalls for web applications." PhD diss., 2016
[12] Ahmad, Ali, Zahid Anwar, Ali Hur, Hafiz Farooq Ahmad. "Formal reasoning of web application Firewall rules through ontological modeling." In 2012 15th International Multitopic Conference (INMIC), pp. 230-237. IEEE, 2012.
[13] Ashlam, Ahmed Abadulla, Atta Badii, and Frederic Stahl. "A Novel Approach Exploiting Machine Learning to Detect SQLi Attacks." In 2022 5th International Conference on Advanced Systems and Emergent Technologies (IC_ASET), pp. 513-517. IEEE, 2022
Objavljeno
2022-11-06
Sekcija
Elektrotehničko i računarsko inženjerstvo