Sciweavers

Share
CCS
2006
ACM

Bridging the gap between web application firewalls and web applications

10 years 2 months ago
Bridging the gap between web application firewalls and web applications
Web applications are the Achilles heel of our current ICT infrastructure. NIST's national vulnerability database clearly shows that the percentage of vulnerabilities located in the application layer increases steadily. Web Application Firewalls (WAFs) play an important role in preventing exploitation of vulnerabilities in web applications. However, WAFs are very pragmatic and ad hoc, and it is very hard to state precisely what security guarantees they offer. The main contribution of this paper is that it shows how, through a combination of static and dynamic verification, WAFs can formally guarantee the absence of certain kinds of erroneous behaviour in web applications. We have done a prototype implementation of our approach building on an existing static verification tool for Java, and we have applied our approach to a medium-sized J2EE based web application. Categories and Subject Descriptors D.2.4 [Software Engineering]: Software/Program Verification; F.3.1 [Logics and Meanin...
Lieven Desmet, Frank Piessens, Wouter Joosen, Pier
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CCS
Authors Lieven Desmet, Frank Piessens, Wouter Joosen, Pierre Verbaeten
Comments (0)
books