Online from: 1993
Subject Area: Information and Knowledge Management
| Field | Value |
| --- | --- |
| Title | An advanced web attack detection and prevention tool |
| Author(s) | Helen Kapodistria (Department of Informatics, University of Piraeus, Piraeus, Greece), Sarandis Mitropoulos (Department of Informatics, University of Piraeus, Piraeus, Greece), Christos Douligeris (Department of Informatics, University of Piraeus, Piraeus, Greece) |
| Citation | Helen Kapodistria, Sarandis Mitropoulos, Christos Douligeris (2011), "An advanced web attack detection and prevention tool", Information Management & Computer Security, Vol. 19, Iss. 5, pp. 280-299 |
| Keywords | Computer crimes, Cross-site scripting, Data security, SQL injection, Web application firewalls, Web application security, Web attacks, Web vulnerabilities |
| Article type | Research paper |
| DOI | 10.1108/09685221111188584 |
| Publisher | Emerald Group Publishing Limited |
Purpose – The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web application information leakage, using pattern recognition. It is a cross-platform application, that is, it is neither OS-dependent nor web-server-dependent. It offers a flexible attack search engine, which scans HTTP requests and responses while a web page is served, without affecting web server performance.
Design/methodology/approach – The paper starts with a study of the best-known web vulnerabilities and the ways in which they can be exploited. It then focuses on those web attacks that exploit insufficient input validation, which are the ones the new tool detects through pattern recognition. The tool acts as a proxy server with a simple GUI for administration purposes. Patterns can be detected in both HTTP requests and responses in an extensible and manageable way.
Findings – The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used open source web application firewall, using over 200 attack patterns. The new tool had satisfactory results in every attack category examined, with a high success rate. Comparative results for stored XSS could not be obtained, since the other tools are not able to search for and detect them in HTTP responses. The tool's extensibility makes future work on it straightforward.
Originality/value – This paper introduces a new web server plug-in with some advanced web application firewall features and a flexible attack search engine that scans HTTP requests and responses. By scanning HTTP responses, attacks such as stored XSS can be detected, a capability not found in other web application firewalls.
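As an added illustration of the request/response scanning idea (this is not the paper's tool, and the signature table below is constructed for the example rather than taken from it), a minimal Python scanner: signatures are matched against decoded request fields and, separately, against the served HTML, so a stored XSS payload that entered the application through some earlier request is still caught when the page is served.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import parse_qs, unquote_plus

# Extensible signature table: (attack category, regex). These patterns are
# constructed for illustration and are not the paper's own signature set.
PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("xss", re.compile(r"<\s*script\b|\bon(?:error|load)\s*=|javascript\s*:", re.I)),
    ("sqli", re.compile(
        r"[\"']\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|\bunion\s+(?:all\s+)?select\b|--\s*$",
        re.I | re.M)),
    ("path_traversal", re.compile(r"(?:\.\./|\.\.\\){2,}")),
]

@dataclass
class Finding:
    direction: str   # "request" or "response"
    location: str    # which part of the message matched
    category: str

def _scan_text(direction: str, location: str, text: str) -> List[Finding]:
    """Match every signature against already-decoded text."""
    return [Finding(direction, location, cat) for cat, rx in PATTERNS if rx.search(text)]

def scan_request(path: str, query: str, body: str = "") -> List[Finding]:
    """Inspect the path, query string and form body of an HTTP request."""
    findings = _scan_text("request", "path", unquote_plus(path))
    for source, raw in (("query", query), ("body", body)):
        # parse_qs URL-decodes each value, so the signatures see plain text
        for name, values in parse_qs(raw, keep_blank_values=True).items():
            for v in values:
                findings += _scan_text("request", f"{source}:{name}", v)
    return findings

def scan_response(body: str) -> List[Finding]:
    """Inspect the served HTML: a stored payload only shows up here."""
    return _scan_text("response", "body", body)

# Constructed sample traffic
REQ_QUERY = "id=7%27+OR+1%3D1--"          # decodes to: id=7' OR 1=1--
RESP_HTML = ("<html><body><div class='comment'>nice post "
             "<script>alert(1)</script></div></body></html>")

if __name__ == "__main__":
    for f in scan_request("/item", REQ_QUERY) + scan_response(RESP_HTML):
        print(f"{f.direction:8s} {f.location:12s} {f.category}")
```

Response scanning of this kind also flags the application's own inline scripts, so in practice the signature table needs an allowlist for legitimate markup or it will block every page.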