WAF-A-MoLE
Luca Demetrio, Andrea Valenza, Gabriele Costa, Giovanni Lagorio
Abstract
Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic analysis performed by a WAF.
Topics & Concepts
Computer scienceAdversaryComputer securitySignature (topology)CraftSQL injectionApplication firewallWorld Wide WebStateful firewallNetwork packetArchaeologyMathematicsQuery by ExampleWeb search queryHistorySearch engineGeometryWeb Application Security VulnerabilitiesNetwork Security and Intrusion DetectionSpam and Phishing Detection