Web application firewalls (WAF) are an indispensable mechanism to protect online systems from attacks. However, the fast pace at which new kinds of attacks appear and their increasing sophistication require WAFs to be updated and tested regularly, as otherwise they will be circumvented. In this paper, we focus our research on WAFs and SQL injection attacks, but the general principles and strategy could be adapted to other contexts. We present a machine learning-driven testing approach to automatically detect holes in WAFs that let SQL injection attacks bypass them. The approach first automatically generates diverse attacks (tests) and then submits them to a system that is protected by a WAF. Incrementally learning from the test...
Today most of us depend on the Internet for our day-to-day activities such as financial transactions, ed...
A web application is a very important requirement in the information and digitalization era. With th...
Recent reports reveal that the majority of attacks on Web applications are input manipulation attack...
Web application firewalls are an indispensable layer to protect online systems from attacks. However...
Peer reviewed. Web application firewalls (WAF) are an essential protection mechanism for online softwa...
International audience. Injection flaws, which include SQL injection, are the most prevalent security t...
Peer reviewed. Testing and fixing WAFs are two relevant and complementary challenges for security anal...
Peer reviewed. This paper examines the effects and potential benefits of utilising Web Application Fir...
Web Application Firewalls are widely used in production environments to mitigate security threats li...
International audience. Injection flaws, which include SQL injection, are the most prevalent security ...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
Injection vulnerabilities, such as SQL injection (SQLi), are ranked amongst the most dangerous types...
Today almost all organizations have changed their traditional systems and have improved their perfor...
Web services are increasingly adopted in various domains, from finance and e-government to social me...