Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks

Appelt, Dennis; Panichella, Annibale; Briand, Lionel C.

doi:10.1109/issre.2017.28

Cited by 20 publications

(11 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In our future work, we will investigate automated approaches to generate effective patches for the WAF under test starting from the learned attack patterns. We reported on an initial attempt to automate the repairing process in a recent paper [11], where we generated patches that block as many bypassing attacks as possible while limiting the blocking of legitimate inputs. Investigating further, more effective, repairing strategies that better exploit the attack patterns generated by ML-Driven E is part of our future agenda.…”

Section: Resultsmentioning

confidence: 99%

“…Our goal is to modify these regular expressions in such a way that the bypassing attacks found by ML-Driven do no longer bypass the WAF. We investigated a first attempt to semi-automate the WAF repairing process in our recent work [11]. In particular, we use multi-objective optimization algorithms to optimize two goals: (i) maximizing the number of blocked attacks and (ii) minimizing the number legitimate requests being blocked (false positives).…”

Section: Repair Strategymentioning

confidence: 99%

“…In this paper, we consider a general strategy for modifying the regular expressions as outlined in Algorithm 5. While parts of the strategy can be automated [11], regular expressions derived from attack patterns (line 8 and 9) still require manual inspection and adaptation depending on the WAF under evaluation. The required inputs for the strategy are the test outputs of ML-Driven, i.e., a set A of bypassing attacks and a set P C of path conditions learned from A, and a set R of regular expressions used by the WAF under test to match known attacks.…”

Section: Repair Strategymentioning

confidence: 99%

See 2 more Smart Citations

A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

et al. 2018

Self Cite

View full text Add to dashboard Cite

Web application firewalls (WAF) are an essential protection mechanism for online software systems. Because of the relentless flow of new kinds of attacks as well as their increased sophistication, WAFs have to be updated and tested regularly to prevent attackers from easily circumventing them. In this paper, we focus on testing WAFs for SQL injection attacks, but the general principles and strategy we propose can be adapted to other contexts. We present ML-Driven, an approach based on machine learning and an evolutionary algorithm to automatically detect holes in WAFs that let SQL injection attacks bypass them. Initially, ML-Driven automatically generates a diverse set of attacks and submit them to the system being protected by the target WAF. Then, ML-Driven selects attacks that exhibit patterns (substrings) associated with bypassing the WAF and evolve them to generate new successful bypassing attacks. Machine learning is used to incrementally learn attack patterns from previously generated attacks according to their testing results, i.e., if they are blocked or bypass the WAF. We implemented ML-Driven in a tool and evaluated it on ModSecurity, a widely used open-source WAF, and a proprietary WAF protecting a financial institution. Our empirical results indicate that ML-Driven is effective and efficient at generating SQL injection attacks bypassing WAFs and identifying attack patterns.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Repair Strategymentioning

confidence: 99%

Section: Repair Strategymentioning

confidence: 99%

See 1 more Smart Citation

A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

et al. 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…In particular, they aim at providing accessible UIs to blind users. Appelt et al [37] do automatic repairs of firewall rules to improve the security of web application. While a firewall and a proxy are similar, the goal and the means are different: they focus on security while we focus on availability, they change firewall rules while BikiniProxy rewrites HTML and Javascript code.…”

Section: Self-healing In Productionmentioning

confidence: 99%

Fully Automated HTML and JavaScript Rewriting for Constructing a Self‐healing Web Proxy

Durieux

Hamadi

Monperrus

2020

Software Testing Verif & Rel

View full text Add to dashboard Cite

Over the last few years, the complexity of web applications has increased to provide more dynamic web applications to users. The drawback of this complexity is the growing number of errors in the front-end applications. In this paper, we present an approach to provide self-healing for the web. We implemented this approach in two different tools: (i) BikiniProxy, an HTTP repair proxy, and (ii) BugBlock, a browser extension. They use five self-healing strategies to rewrite the buggy HTML and JavaScript code to handle errors in web pages. We evaluate BikiniProxy and BugBlock with a new benchmark of 555 reproducible JavaScript errors of which 31.76% can be automatically self-healed by BikiniProxy and 15.67% by BugBlock.

show abstract

“…Appelt et al. do automatic repairs of firewall rules to improve the security of web application. While a firewall and a proxy are similar, the goal and the means are different: they focus on security while we focus on availability; they change firewall rules while BikiniProxy rewrites HTML and JavaScript code.…”

Section: Related Workmentioning

confidence: 99%

Fully Automated HTML and Javascript Rewriting for Constructing a Self-Healing Web Proxy

Durieux¹,

Hamadi²,

Monperrus³

2018

2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

Summary Over the last few years, the complexity of web applications has increased to provide more dynamic web applications to users. The drawback of this complexity is the growing number of errors in the front‐end applications. In this paper, we present an approach to provide self‐healing for the web. We implemented this approach in two different tools: (i) BikiniProxy, an HTTP repair proxy, and (ii) BugBlock, a browser extension. They use five self‐healing strategies to rewrite the buggy HTML and JavaScript code to handle errors in web pages. We evaluate BikiniProxy and BugBlock with a new benchmark of 555 reproducible JavaScript errors of which 31.76% can be automatically self‐healed by BikiniProxy and 15.67% by BugBlock.

show abstract

Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks

Cited by 20 publications

References 53 publications

A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

Fully Automated HTML and JavaScript Rewriting for Constructing a Self‐healing Web Proxy

Fully Automated HTML and Javascript Rewriting for Constructing a Self-Healing Web Proxy

Contact Info

Product

Resources

About