PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention

Dentamaro V.; Galantucci S.; Pirlo G.
2024-01-01

Abstract

Web applications are exposed to security threats by their very nature: they are reachable by anyone and they hold sensitive information, which makes their security imperative for organizations of all sizes. Exploiting a web application vulnerability can therefore lead to large-scale data breaches and significant reputational and financial damage. SQL injection (SQLi) is a popular attack vector that malicious actors use to compromise web sites, and web application firewalls (WAFs) play a primary role in blocking such attacks. The recent literature proposes several advances in WAF enhancement for SQLi prevention. However, many of them only test whether a WAF can be bypassed, without releasing a patch for the flaws found; in other cases the patch is distributed only in the rule syntax of the WAF under test. This paper introduces PROGESI, a framework that leverages a PROxy Grammar to Enhance web application firewalls for SQL Injection prevention. The proposed solution acts as an intermediary layer between the targeted web server and the incoming application-level requests. PROGESI can be used on its own or in combination with a WAF, and includes a set of rules that patch the SQLi vulnerabilities exposed by a specific web server. It can also identify and mitigate SQLi attempts even when attackers use mutation techniques, since the rules incorporate generalization mechanisms. The experiments revealed two strengths of PROGESI: (i) the ability to identify SQLi even in the presence of server-side defense mechanisms, which grows as the generalization rate implemented by the rule-generation algorithm increases; (ii) high detection performance even at low generalization-rate values, higher than that achieved by competitors on a state-of-the-art SQLi dataset.
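The abstract describes PROGESI as a rule-based layer sitting in front of the web server whose rules generalize over SQLi mutations. The following Python sketch is an added illustration of that intermediary-layer idea and is not PROGESI's own code or rule grammar (which the abstract does not reproduce): it contrasts literal WAF-style signatures, which a trivial mutation defeats, with rules that are applied after normalizing common mutation techniques (case changes, inline comments, URL encoding, whitespace variants). The sample requests, the signature list, the rule names and the `guard` proxy function are all constructed for this example.

```python
import re
import urllib.parse

# Constructed sample query strings (not taken from any dataset in the paper).
# Every entry except "benign" carries a SQLi payload; the suffixes name the
# mutation technique applied to the base payload.
SAMPLE_REQUESTS = {
    "benign": "id=42&sort=name",
    "plain": "id=1' OR '1'='1",
    "case_mutated": "id=1' oR '1'='1",
    "comment_mutated": "id=1'/**/OR/**/'1'='1",
    "urlencoded": "id=1%27%20OR%20%271%27%3D%271",
    "union": "id=1 UNION SELECT username, password FROM users",
    "union_mutated": "id=1%20UnIoN%0aSeLeCt%20username,password%20FrOm%20users",
}

# Literal signatures, the way a hand-written rule tied to one payload looks.
# Matching is exact and case-sensitive, so any mutation of the payload slips by.
LITERAL_SIGNATURES = ["' OR '1'='1", "UNION SELECT"]

# Generalized rules (hypothetical grammar): they describe the *shape* of an
# attack in terms of tokens rather than a literal string, and they are matched
# against a normalized request.
GRAMMAR_RULES = {
    # OR <quote?> token <quote?> = <quote?> same-token  (a tautology)
    "tautology": re.compile(r"\bor\b\s*['\"]?\s*(\w+)\s*['\"]?\s*=\s*['\"]?\s*\1\b"),
    # UNION [ALL] SELECT, with any run of whitespace in between
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b"),
}


def normalize(value: str) -> str:
    """Collapse common mutation techniques so the grammar rules see one canonical form."""
    out, prev = value, None
    for _ in range(3):  # bounded loop handles double/triple URL encoding
        if out == prev:
            break
        prev = out
        out = urllib.parse.unquote_plus(out)
    out = re.sub(r"/\*.*?\*/", " ", out, flags=re.S)  # inline comments used as separators
    out = re.sub(r"\s+", " ", out)                     # tabs, newlines, repeated spaces
    return out.lower().strip()


def literal_match(query_string: str) -> bool:
    """Baseline: does any literal signature appear verbatim in the raw request?"""
    return any(sig in query_string for sig in LITERAL_SIGNATURES)


def generalized_match(query_string: str) -> list:
    """Names of the grammar rules that fire on the normalized request."""
    norm = normalize(query_string)
    return [name for name, rule in GRAMMAR_RULES.items() if rule.search(norm)]


def guard(query_string: str, backend):
    """Proxy decision: consult the generalized rules before the backend sees the request.

    Returns an (http_status, body) pair; `backend` is a callable standing in for
    the protected web server.
    """
    hits = generalized_match(query_string)
    if hits:
        return 403, "blocked: " + ",".join(hits)
    return 200, backend(query_string)


def evaluate(samples: dict = SAMPLE_REQUESTS) -> dict:
    """Per-sample comparison of the literal baseline and the generalized rules."""
    return {
        name: {"literal": literal_match(q), "generalized": generalized_match(q)}
        for name, q in samples.items()
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:16s} literal={result['literal']!s:5s} generalized={result['generalized']}")
```

Running the block shows the literal signatures catching only the unmutated `plain` and `union` samples, while the normalized grammar rules catch every mutated variant and leave the benign request alone. The caveat a practitioner should keep in mind is that normalization-plus-regex is still a blocklist: forms the rules do not describe (`or 1 like 1`, alternative comment syntaxes, encodings other than percent-encoding) pass through, which is why a layer of this kind complements parameterized queries on the server rather than replacing them.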
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11586/512521

Warning! The data displayed has not been validated by the university.

Citations
  • PMC: not available
  • Scopus: 1
  • ISI: 0