Development of a hybrid web application firewall to prevent web based attacks

Abstract

Firewall and intrusion detection systems are used by the purposes of preventing information loss and weakness on internet and providing security for web applications. However attacks to web applications do not only come from network layer. Web applications use Hyper Text Transfer Protocol (HTTP) and attacks come from this protocol to web pages. Tools used for providing security on network layer become inefficient for HTTP attacks. These attacks to web applications can be prevented by detection of HTTP. In this study, a hybrid web application firewall is developed by using proposed signature based detection and anomaly detection methods, to prevent attacks by detection of HTTP requests.