
The Design And Implementation Of Web Application Firewall

Posted on: 2012-12-02    Degree: Master    Type: Thesis
Country: China    Candidate: Y Wang    Full Text: PDF
GTID: 2178330338484160    Subject: Communication and Information System
Abstract/Summary:
The era of Web 2.0 brings much convenience to every network user, but the security of web applications has become a serious problem: a large fraction of these applications contain security vulnerabilities that give malicious attackers their opening. Traditional security software such as intrusion detection systems and network firewalls protects only the lower layers of the OSI (Open Systems Interconnection) model and cannot stop attacks at the web application layer. The core security issue of a web application lies in its input, which any user can submit. Most web application developers know little about secure programming, so the input is not filtered properly. As a result, attackers easily pass through the traditional defences and inject malicious code into the web application; through it they can take control of the web server, modify the file system, manipulate the database and run operating system commands. An effective way to stop such application-layer attacks is to enforce application-layer rules in a web application firewall (WAF).

This thesis first introduces the prevalent web application layer attacks and defence techniques, then summarizes the common encoding methods and mutation (evasion) techniques used in web attacks, which can render existing defence systems ineffective. A web application firewall scheme is then presented, comprising a core engine, a management module and a database. The core engine, the essential part, consists of a pre-processing part, a detecting part, an output filtering part and a log monitoring part. The pre-processing part is responsible for SSL decryption, decoding of the input and normalization of the character set; it makes the HTTPS byte stream readable to the engine and canonicalizes each request so that encoding-based mutation attacks are exposed to the rules that follow.
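As an added illustration of the pre-processing and detection stages described above (example code written for this page, not the thesis's prototype), the following Python snippet canonicalizes request parameters before matching them against a small constructed rule set. The bounded decode loop, the NFKC character-set folding, the comment-to-whitespace step and the rule patterns are all assumptions of this example; the constructed sample request carries a double-URL-encoded UNION SELECT with an inline-comment gap and a <script> tag spelled with full-width characters, both of which raw-string matching would miss.

```python
"""Added example: WAF pre-processing (decode + normalize) before rule matching.
Not the thesis's prototype code; the rules and sample request are constructed.
"""
import html
import re
import unicodedata
from urllib.parse import unquote_plus

MAX_DECODE_ROUNDS = 5  # bound the loop: attackers nest encodings, but 5 is plenty

# Constructed, deliberately small signature set. Patterns run on the
# normalized value, so they never need to anticipate encodings themselves.
SQLI_RULES = [
    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I),                    # UNION ... SELECT
    re.compile(r"\b(or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),  # ' or '1'='1
    re.compile(r"\b(sleep|benchmark|load_file)\s*\(", re.I),            # time-based / file read
    re.compile(r"(--|#)\s*$|;\s*(drop|delete|update|insert)\b", re.I),  # comment-out, stacked query
]
XSS_RULES = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon\w+\s*=", re.I),     # onerror=, onload=, ...
    re.compile(r"javascript\s*:", re.I),
]


def normalize(value: str) -> str:
    """Canonicalize one request parameter so that every encoding of a payload
    collapses to the same plain string before the rules see it."""
    # 1. Peel URL and HTML-entity encoding until the value stops changing.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    # 2. Fold character-set tricks: full-width and other compatibility forms
    #    become their ASCII equivalents (U+FF1C fullwidth "<" becomes "<").
    value = unicodedata.normalize("NFKC", value)
    # 3. Remove NUL bytes and treat SQL inline comments as whitespace, the way
    #    the database would, so "UNION/**/SELECT" reads as "UNION SELECT".
    value = value.replace("\x00", "")
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    # 4. Collapse all whitespace variants (tabs, newlines, multiple spaces).
    return re.sub(r"\s+", " ", value).strip()


def inspect(params: dict) -> list:
    """Return (parameter, category, normalized_value) for every rule hit."""
    findings = []
    for name, raw in params.items():
        norm = normalize(raw)
        if any(r.search(norm) for r in SQLI_RULES):
            findings.append((name, "sqli", norm))
        if any(r.search(norm) for r in XSS_RULES):
            findings.append((name, "xss", norm))
    return findings


# Constructed sample request (not captured traffic):
#   id   - double URL-encoded UNION SELECT with an inline-comment gap
#   q    - <script> spelled with full-width "<" and ">" (U+FF1C / U+FF1E)
#   name, page - benign values a naive quote/keyword filter might flag
SAMPLE_REQUEST = {
    "id": "1%2527%2520UNION%2F%2A%2A%2FSELECT%2520password%2520FROM%2520users",
    "q": "%EF%BC%9Cscript%EF%BC%9Ealert(1)%EF%BC%9C/script%EF%BC%9E",
    "name": "O'Brien",
    "page": "2",
}

if __name__ == "__main__":
    for param, category, norm in inspect(SAMPLE_REQUEST):
        print(f"{param}: {category} -> {norm!r}")
```

Running the block reports the id parameter as SQL injection and q as XSS, and passes name and page. Two points matter in practice: the decode loop is bounded so an attacker cannot make the WAF spin on deeply nested encodings, and the normalization must mirror what the protected backend actually does (for example, whether its database treats /**/ as whitespace); when the WAF and the application interpret the same bytes differently, that gap is exactly what mutation attacks exploit.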
The detecting part blocks malicious inputs such as SQL injection. It also uses URL rules to realize fine-grained access control, and adds a session control module that compensates for session-handling weaknesses in the protected web application and defends against application-layer DDoS attacks. The output filtering part prevents the leakage of sensitive information and applies secure encoding to dangerous HTML tags and attributes in responses through a light-weight HTML parsing engine, so as to prevent cross-site scripting (XSS) attacks. The log monitoring part uses a hash function and a message authentication code to guarantee the integrity and consistency of the log records, which makes them reliable for later analysis and as evidence. A prototype of the web application firewall is implemented in Python. Experiments that simulate malicious attacks and application-layer DDoS attacks against a deliberately vulnerable test application show that the web application firewall blocked the simulated attacks while normal traffic passed through it successfully.
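The log monitoring part's use of a hash function and a message authentication code can be illustrated with the following added example (not the thesis's code). It chains each log entry to the SHA-256 digest of the previous one and seals every entry with an HMAC under a key held by the WAF, so that editing, deleting or reordering a record is detected on verification. The chain anchor, the key, the record layout and the constructed sample events are assumptions of the example.

```python
"""Added example: tamper-evident WAF log using a SHA-256 hash chain plus HMAC.
Not the thesis's code; anchor, key, record layout and sample events are constructed.
"""
import hashlib
import hmac
import json

GENESIS = hashlib.sha256(b"waf-log-genesis").hexdigest()  # fixed chain anchor (assumption)


def _canonical(record: dict) -> str:
    # Deterministic serialization: the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _tag(key: bytes, digest: str) -> str:
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


class TamperEvidentLog:
    """Append-only log. Each entry stores the previous entry's hash (chain),
    its own hash over prev||body (integrity), and an HMAC over that hash under
    a key the WAF keeps away from the log store (authenticity)."""

    def __init__(self, key: bytes):
        self._key = key
        self._prev = GENESIS
        self.entries = []

    def append(self, record: dict) -> dict:
        body = _canonical(record)
        digest = hashlib.sha256((self._prev + body).encode()).hexdigest()
        entry = {
            "seq": len(self.entries),
            "prev": self._prev,
            "body": body,
            "hash": digest,
            "tag": _tag(self._key, digest),
        }
        self.entries.append(entry)
        self._prev = digest
        return entry


def verify_log(entries: list, key: bytes) -> tuple:
    """Walk the chain; return (True, None) or (False, index_of_first_bad_entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:       # deletion or reordering
            return False, i
        digest = hashlib.sha256((prev + e["body"]).encode()).hexdigest()
        if digest != e["hash"]:                       # body edited, hash not recomputed
            return False, i
        if not hmac.compare_digest(_tag(key, digest), e["tag"]):  # re-hashed without the key
            return False, i
        prev = digest
    return True, None


# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    {"ts": "2012-11-30T10:00:01", "src": "203.0.113.7", "rule": "sqli-union", "action": "blocked", "uri": "/item?id=1"},
    {"ts": "2012-11-30T10:00:02", "src": "203.0.113.7", "rule": "xss-script", "action": "blocked", "uri": "/search"},
    {"ts": "2012-11-30T10:00:03", "src": "198.51.100.2", "rule": "-", "action": "allowed", "uri": "/"},
]


def build_log(key: bytes, events=SAMPLE_EVENTS) -> list:
    log = TamperEvidentLog(key)
    for ev in events:
        log.append(ev)
    return log.entries


if __name__ == "__main__":
    key = b"demo-key-do-not-use"  # assumption: in practice from a KMS/HSM, never on the log host
    entries = build_log(key)
    print("intact:", verify_log(entries, key))
    # An attacker rewrites a "blocked" verdict to "allowed" in entry 1.
    forged = list(entries)
    forged[1] = dict(entries[1], body=entries[1]["body"].replace("blocked", "allowed"))
    print("edited entry 1:", verify_log(forged, key))
    print("entry 1 removed:", verify_log(entries[:1] + entries[2:], key))
```

The chain catches in-place edits, deletions and reordering, and the HMAC stops an attacker who can write to the log file but lacks the key from simply recomputing the chain. One gap remains: truncating the tail of the log (dropping the newest entries) is consistent with the chain, so the latest hash should be periodically anchored somewhere the attacker cannot reach, such as a separate collector host or a signed checkpoint record; and the key must not live on the same host as the log, otherwise a server compromise hands over both.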
Keywords/Search Tags: Web application firewall, SQL Injection, XSS, Application layer DDoS