Web Application Firewall Evasion Techniques

K. Nagendran, S. Balaji, B. A. Raj, P. Chanthrika, RG Amirthaa
2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS), published 2020-03-01. DOI: https://doi.org/10.1109/ICACCS48705.2020.9074217
Citations: 3

Abstract

Recently, there has been a robust increase in cyber attacks. Statistical studies show that around 4% of internet traffic is malicious. Firewalls are deployed as blocking mechanisms to identify and prevent malicious requests. They filter seemingly malicious packets based on the filter rules. Despite the filters, there are certain evasion techniques used by attackers to bypass the firewall. This paper describes the techniques for bypassing the web application firewall based on their configurations and paranoia levels of implementation so that security researchers can understand loopholes in the firewall to build a better firewall strategy. By these techniques, an attacker can achieve the attacks he intends to do even if the firewall is placed between the web application and the client.