Web Application Firewall Using Proxy and Security Information and Event Management (SIEM) for OWASP Cyber Attack Detection

Web Application Firewall Using Proxy and Security Information and Event Management (SIEM) for OWASP Cyber Attack Detection

연구 분야: Safety

학회: 2023 IEEE International Conference on Internet of Things and Intelligence Systems (IoTaIS)

Web applications face increasing security threats, with a 210% rise in attacks in 2022 compared to 2020, including 172 daily attacks per website and 2,306 weekly bot accesses. The most prevalent vulnerabilities are Cross-Site Scripting (XSS) affecting 1 million websites and SQL injection impacting 332,000 pages. To address these issues, a WordPress plugin is designed, integrating Security Information and Event Management (SIEM) and a proxy-based Web Application Firewall (WAF). The proxy based WAF enhances website security by detecting and blocking malicious requests based on OWASP rules, while SIEM collects and simplifies security data from various sources. This system effectively identifies XSS at 100%, SQL Injection at 97%, and Local File Inclusion (LFI) at 74% according to OWASP standards.