Abstract | ||
---|---|---|
The use of virtual patching tools to prevent attackers exploiting vulnerabilities of a web application is a widely adopted defensive approach. The constant evolution of applications, and thereby of attack techniques, requires a big maintenance and tuning effort to ensure that the remediation patches are working correctly. We put forward in this paper a tool-supported process where security requirements expressed in a high-level language over a model of the vulnerable application can be translated into rules enforceable by virtual patching tools. We present and discuss the results of applying this approach for securing WAVSEP, a vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1109/LADC.2016.24 | 2016 Seventh Latin-American Symposium on Dependable Computing (LADC) |
Keywords | Field | DocType |
Web Application Firewall,Virtual Patching,Model-Driven Security | Data modeling,Unified Modeling Language,Computer security,Computer science,Web modeling,High-level programming language,Web application security,Web application,Vulnerability,Distributed computing | Conference |
ISSN | ISBN | Citations |
2471-6820 | 978-1-5090-5121-2 | 0 |
PageRank | References | Authors |
0.34 | 4 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Gustavo Betarte | 1 | 0 | 1.35 |
Rodrigo De La Fuente | 2 | 0 | 0.34 |
Rodrigo Martinez | 3 | 0 | 1.35 |
Juan Pirez | 4 | 0 | 0.34 |
Felipe Zipitria | 5 | 0 | 0.34 |