Towards automated web application logic reconstruction for application level security
This addresses security issues for web application developers and administrators by aiming to reduce manual effort and improve intrusion detection, though it appears incremental as it builds on existing WAF concepts.
The paper tackles the problem of Web Application Firewalls (WAFs) having low accuracy and high false positives due to inability to recognize custom application logic, proposing an approach to automatically model web applications for security to help next-generation WAFs adapt.
Modern overlay security mechanisms like Web Application Firewalls (WAF) suffer from inability to recognize custom high-level application logic and data objects, which results in low accuracy, high false positives rates, and overhelming manual effort for fine tuning. In this paper we propose an approach to web application modeling for security purposes that could help next-generation WAFs to adapt to specific web applications, and do it automatically whenever possible. We aim at creating multi-layer models that adequately simulate various aspects of web application functionality that are significant for intrusion detection and prevention, including request parsing and routing, reconstruction of actions and data objects, and action interdependencies.