Vulnerability Research on Web Applications and Blocking by WAF

Abstract

Now a day number of web applications are vulnerable. Web application vulnerabil- ities are still present due to many reason include lack of input validation, configuration hole in firewall, easy available tool-kits for attacks, insecure session, insecure system settings and aws in operating systems and web server. Successful attack on Web applications are cross-site scripting, cookie hijack, session hijacking, SQL injection, LDAP injection, XML/Xpath injection, Command injection, Code injection, Buffer over ow, Parameter tampering . A web application firewall (WAF) is a firewall that block all Layer 7 attacks. It inspects the application layer so it comes as specific hardware or as a server module. We can block all web attacks base on Firewall rules configurations and behaviour. The proposed research is to discovery of these vulnerabilities in the web applica- tion, and provide solutions with web application firewall.