Web Security Hardening Using Web Application Firewall Through Attacks Evasion

Abstract

Web Application Firewalls are an important building block in every HTTP net- work. WAF often called as 'Deep Packet Inspection Firewalls' are defensive secu- rity strategy for all kinds of known and zero-day attacks. Web Application Firewall (WAF) engine with a rule set, to ensure critical protection across every web architec- ture. These approaches aimed to achieve e ciency and application-layer consistency between the WAF and Web application. The WAF then has the ability to enforce security policies based upon a variety of criteria including signatures of known attacks, protocol standards and anomalous application tra c. Web Application Firewalls can be either software, or hardware appliance based and are installed in front of a webserver in an e ort to try and shield it from incoming attacks. WAF systems detects both inbound and outbound attacks. Thus, Using ModSecurity as platform, we aim to develop such CRS to provide protections against all kinds of attacks and threats by hardening web security.