Imrana Abdullahi Yari, Babangida Abdullahi, Steve A. Adeshina
{"title":"基于Tomcat和Apache Web服务器的ModSecurity WAF配置与评估框架","authors":"Imrana Abdullahi Yari, Babangida Abdullahi, Steve A. Adeshina","doi":"10.1109/ICECCO48375.2019.9043209","DOIUrl":null,"url":null,"abstract":"Open-source software has slowly infiltrated the enterprise space because the products tend to be cheaper, flexible, and secure in comparison to propriety products. However, open-source software incurs the cost of beavering to acquire professionals to, customize the product in meeting expectations, support fixes and in extending the product to a wide range of capabilities. ModSecurity is an open-source web application firewall (WAF) developed explicitly for Apache, and technically only listens to HTTP port 80. This study utilized the agility and flexibility property of open-source software to design a framework of configuring Apache module ModSecurity WAF to communicate with Tomcat server (which runs explicitly on HTTP port 8080). Furthermore, using suitable penetration testing methodology, this study investigates and compares the effectiveness of ModSecurity WAF in both Apache and Tomcat environments. ModSecurity WAF limitations were also investigated. In addition to providing a framework for configuring ModSecurity on tomcat server, this study provides an understanding of web application vulnerabilities, the techniques used to exploit them and the mitigation mechanisms to address them.","PeriodicalId":166322,"journal":{"name":"2019 15th International Conference on Electronics, Computer and Computation (ICECCO)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers\",\"authors\":\"Imrana Abdullahi Yari, Babangida Abdullahi, Steve A. Adeshina\",\"doi\":\"10.1109/ICECCO48375.2019.9043209\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Open-source software has slowly infiltrated the enterprise space because the products tend to be cheaper, flexible, and secure in comparison to propriety products. However, open-source software incurs the cost of beavering to acquire professionals to, customize the product in meeting expectations, support fixes and in extending the product to a wide range of capabilities. ModSecurity is an open-source web application firewall (WAF) developed explicitly for Apache, and technically only listens to HTTP port 80. This study utilized the agility and flexibility property of open-source software to design a framework of configuring Apache module ModSecurity WAF to communicate with Tomcat server (which runs explicitly on HTTP port 8080). Furthermore, using suitable penetration testing methodology, this study investigates and compares the effectiveness of ModSecurity WAF in both Apache and Tomcat environments. ModSecurity WAF limitations were also investigated. In addition to providing a framework for configuring ModSecurity on tomcat server, this study provides an understanding of web application vulnerabilities, the techniques used to exploit them and the mitigation mechanisms to address them.\",\"PeriodicalId\":166322,\"journal\":{\"name\":\"2019 15th International Conference on Electronics, Computer and Computation (ICECCO)\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 15th International Conference on Electronics, Computer and Computation (ICECCO)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICECCO48375.2019.9043209\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 15th International Conference on Electronics, Computer and Computation (ICECCO)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICECCO48375.2019.9043209","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers
Open-source software has slowly infiltrated the enterprise space because the products tend to be cheaper, flexible, and secure in comparison to propriety products. However, open-source software incurs the cost of beavering to acquire professionals to, customize the product in meeting expectations, support fixes and in extending the product to a wide range of capabilities. ModSecurity is an open-source web application firewall (WAF) developed explicitly for Apache, and technically only listens to HTTP port 80. This study utilized the agility and flexibility property of open-source software to design a framework of configuring Apache module ModSecurity WAF to communicate with Tomcat server (which runs explicitly on HTTP port 8080). Furthermore, using suitable penetration testing methodology, this study investigates and compares the effectiveness of ModSecurity WAF in both Apache and Tomcat environments. ModSecurity WAF limitations were also investigated. In addition to providing a framework for configuring ModSecurity on tomcat server, this study provides an understanding of web application vulnerabilities, the techniques used to exploit them and the mitigation mechanisms to address them.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
