Systematic Approach for Web Protection Runtime Tools’ Effectiveness Analysis
Autor:
Sureda Riera, Tomás
; Bermejo Higuera, Juan Ramón
; Bermejo-Higuera, Javier
; Sicilia, Juan Antonio
; Martínez Herraiz, José-Javier
Fecha:
2022Palabra clave:
Revista / editorial:
CMES - Computer Modeling in Engineering and SciencesCitación:
Riera, T. S., Ramón, J., Higuera, J. B., Antonio, J., Javier, J. (2022). Systematic Approach for Web Protection Runtime Tools’ Effectiveness Analysis. CMES-Computer Modeling in Engineering & Sciences, 133(3), 579–599.Tipo de Ítem:
Articulo Revista IndexadaDirección web:
https://www.techscience.com/CMES/v133n3/49215Resumen:
Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches are Web Application Firewalls (WAF) and Runtime Application Self Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both these approaches for effective decision-making regarding the security of web applications. Here we present a comparative study between WAF and RASP simulated settings, with the aim to compare their effectiveness and efficiency against different categories of attacks. For this, we used computation of different metrics and sorted their results using F-Score index. We found that RASP tools scored better than WAF tools. In this study, we also developed a new experimental methodology for the objective evaluation of web protection tools since, to the best of our knowledge, no method specifically evaluates web protection tools.
Ficheros en el ítem
Nombre: systematic_approach_for_web_protection_runtime.pdf
Tamaño: 349.9Kb
Formato: application/pdf
Este ítem aparece en la(s) siguiente(s) colección(es)
Estadísticas de uso
Año |
2012 |
2013 |
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
Vistas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
120 |
126 |
Descargas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
181 |
62 |
Ítems relacionados
Mostrando ítems relacionados por Título, autor o materia.
-
Prevention and fighting against web attacks through anomaly detection technology. A systematic review
Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Martínez Herraiz, José-Javier; Sicilia, Juan Antonio (Sustainability (Switzerland), 01/06/2020)Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established ... -
A new multi-label dataset for Web attacks CAPEC classification using machine learning techniques
Sureda Riera, Tomás; Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Martínez Herraiz, José-Javier; Sicilia, Juan Antonio (Computers & Security, 2022)Context: There are many datasets for training and evaluating models to detect web attacks, labeling each request as normal or attack. Web attack protection tools must provide additional information on the type of attack ... -
Combinatorial method with static analysis for source code security in web applications
Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Sicilia, Juan Antonio ; Sureda Riera, Tomás; Argyros, Christopher I.; Magreñán, Á. Alberto (Tech Science Press, 2021)Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code ...