
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/387187876

WEB APPLICATION FIREWALL

Article · December 2024

Author: Monika Prakash, Sri Shakthi Institute of Engineering and Technology

All content following this page was uploaded by Monika Prakash on 19 December 2024.


WEB APPLICATION FIREWALL

Varshini J (Assistant Professor), Monika P, Naga arjun N, Naveen Kumar P, Pooja R
Department of Computer Science and Engineering (Cyber Security)
Sri Shakthi Institute of Engineering and Technology, Coimbatore, India
varshinijcys@siet.ac.in, monikap23cys@srishakthi.ac.in, nagaarjunn23cys@srishakthi.ac.in, naveenkumarp23cys@srishakthi.ac.in, Poojaravindran23cys@srishkathi.ac.in

Abstract: The concept of a web application firewall (WAF) was initially introduced by NetContinuum, a company specializing in network security, in the late 1990s. A web application firewall (WAF) is a security tool that monitors, filters, and blocks HTTP traffic to protect web applications from cyber threats. The WAF presented here enhances security with five key modules. Request Filtering (Flask) screens incoming traffic, while Signature-Based Detection (regex) catches known attack patterns. Anomaly-Based Detection (PyOD) identifies unusual behaviour, and Data Loss Prevention (DLP) prevents sensitive data leaks. Finally, Logging and Monitoring (the logging library) tracks firewall activities for ongoing analysis, creating a layered defence for web applications.

Keywords: Web Application Firewall (WAF), Flask, signature-based detection, anomaly-based detection, data loss prevention (DLP), exfiltration.

I. INTRODUCTION

In recent years, the increasing reliance on web applications has led to a surge in cyberattacks targeting these systems. Malicious actors exploit vulnerabilities in web applications to steal sensitive data, disrupt services, and compromise user privacy. To address these threats, Web Application Firewalls (WAFs) have emerged as a critical security measure. WAFs act as a security layer between web applications and the internet, filtering and monitoring incoming and outgoing traffic.

Traditional WAFs often rely on signature-based detection, which involves matching incoming requests against a database of known attack patterns. While effective against known attacks, signature-based detection may struggle to identify novel and zero-day attacks. To overcome this limitation, anomaly-based detection techniques have gained popularity. These techniques analyse the behaviour of incoming requests and identify deviations from normal behaviour that indicate potential attacks.

This project aims to develop a WAF that combines the strengths of both signature-based and anomaly-based detection. By leveraging machine learning algorithms, the WAF can learn from historical data and adapt to evolving threats. Additionally, the WAF will incorporate data loss prevention (DLP) techniques to protect sensitive information from unauthorized access and exfiltration.

The proposed WAF will be implemented using Python, a versatile programming language well-suited for web development and machine learning. By utilizing open-source libraries and frameworks, the WAF can be developed effectively. The WAF will be evaluated on its ability to detect and block various types of attacks, including SQL injection, XSS, and brute-force attacks. It will also be assessed based on its performance in terms of latency, throughput, and resource utilization. SQL injection attacks continue to persist as a prevalent threat, affecting organizations across various industries and sectors.
II LITERATURE REVIEW

Web Application Firewalls (WAFs) have become a crucial component of web security frameworks, designed to protect web applications from various attacks, particularly those targeting known vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). With the growth of web applications and the increasing sophistication of attacks, WAFs offer a robust line of defence. Research in this area focuses on enhancing detection accuracy, minimizing false positives, and integrating compliance with data protection laws.

2.1 REQUEST FILTERING

In "Web Application Firewall: Network Security Models and Configuration" (IEEE, 2022), the authors discuss the role of HTTP request filtering as part of WAFs, emphasizing layered filtering techniques to block malicious requests based on content and request patterns. They analyse configurations and challenges, particularly the need for efficient filtering to prevent false positives and ensure low latency in web applications.

2.2 SIGNATURE BASED DETECTION

The paper "Web Application Firewall Using Machine Learning" (IEEE, 2022) explores how signature-based methods, combined with machine learning, enhance WAFs by identifying predefined threat signatures such as SQL injection and XSS attacks. Regular expressions are highlighted as a core mechanism for signature detection, effectively capturing known attack patterns while improving detection reliability when combined with ML models.

2.3 ANOMALY BASED DETECTION

In the 2021 study "Improving Web Application Firewalls through Anomaly Detection," researchers apply PyOD-based models to improve detection accuracy for atypical requests. The study highlights one-class classification methods and their ability to flag anomalies by learning normal traffic patterns, a critical approach for spotting zero-day attacks that don't match existing signatures.

2.4 DATA LOSS PREVENTION (DLP)

The IEEE paper "A Survey on Data Loss Prevention for Web Application Firewalls" (2021) investigates DLP techniques integrated into WAFs. This work emphasizes the use of pattern matching and content analysis to detect and block sensitive data from being exfiltrated through web applications, particularly in contexts where regulatory compliance (e.g., GDPR) is essential.

2.5 LOGGING AND MONITORING

"Web Application Firewall: Logging and Monitoring for Enhanced Security" (IEEE, 2023) explores the importance of structured logging in WAFs to track security incidents. Real-time log analysis and monitoring help identify ongoing attack patterns, facilitating quick responses and post-attack forensics. This paper underlines the importance of comprehensive logs for continuous security improvements.

Incident analysis and regulatory compliance are essential components of a WAF, as reinforced by Costa and Martins (2020). Effective logging provides an audit trail of security events, which is vital for compliance with regulations such as SOC 2 and PCI DSS. Python's logging library is commonly used for this purpose due to its flexibility and ease of integration. Costa and Martins demonstrated that automated logging reduces the response time in detecting and mitigating threats, allowing security teams to act on potential incidents in near real-time.

Regulatory compliance is a recurring theme across WAF research, particularly with the increasing impact of data protection laws. Examining case studies on SQL injection vulnerabilities, Berger et al. (2022) explored the legal consequences of breaches and the role of WAFs in mitigating such risks. Their findings suggest that WAFs not only provide technical security but also help organizations avoid substantial fines associated with data breaches.

In conclusion, the literature indicates that a modular WAF, combining request filtering, signature-based detection, anomaly detection, DLP, and logging, provides comprehensive security. Studies advocate for hybrid WAFs that adapt to evolving threats while maintaining compliance with regulatory frameworks.

For future work on the web application firewall, its intelligence and flexibility could be enhanced by integrating advanced machine learning and data analytics techniques. Improving the anomaly detection module with custom models could allow for more sophisticated behaviour-based detection. This could be paired with real-time threat intelligence feeds, which would enable the firewall to update its rules dynamically and defend against evolving threats. Moreover, incorporating sensitive data classification and file fingerprinting in the DLP module could help protect against subtle data leaks, making it more effective at securing confidential information.

Furthermore, enhancing the firewall's performance and usability can contribute to a seamless and robust security framework. Implementing caching mechanisms for non-sensitive data requests would reduce server load and response times, making the system more responsive during high-traffic periods. Integrating with a load balancer would also help maintain performance by distributing traffic effectively, ensuring high availability and reliability even under intense load. Lastly, providing comprehensive documentation, including user guides and developer tutorials, would make it easier for other users to deploy, configure, and extend the firewall as needed. This focus on scalability and ease of use, combined with the advanced security features, would make the firewall not only powerful but also highly accessible and adaptable to diverse operational requirements. Implementing customizable filtering rules and automated signature updates would enhance adaptability to new threats, while real-time alerts and dashboards would improve response efficiency. Adding role-based access controls ensures only authorized users manage the firewall. Together, these enhancements make the firewall robust, responsive, and user-friendly.
III PROPOSED SYSTEM

FIG 3.1: WORK OF WEB APPLICATION FIREWALL

The proposed methodology for developing a web application firewall (WAF) involves a modular, layered approach to enhance security and compliance. The first module, Request Filtering, will inspect and validate incoming HTTP requests using Flask to block malicious inputs early. Next, Signature-Based Detection employs regular expressions to identify and block known attack patterns like SQL injection. The Anomaly-Based Detection module, using PyOD, will detect deviations from normal behaviour to identify new threats. The Data Loss Prevention (DLP) module will prevent sensitive data exfiltration through predefined policies. Finally, Logging and Monitoring with Python's logging library will record all security events for real-time monitoring and compliance auditing, ensuring comprehensive coverage of regulatory requirements like GDPR, PCI DSS, and SOC 2. Each module addresses a specific layer of protection, collectively fortifying the web application against known and unknown vulnerabilities.

3.1 In this module, Flask is used to perform request filtering. The aim is to identify and restrict malicious requests by applying rules like limiting specific IP addresses or filtering HTTP methods (e.g., only allowing POST requests). Using custom middleware, requests can be analysed even before they reach the application, making the application more secure.

3.2 This module detects signature-based attacks using regular expressions (regex). By matching common attack patterns (like SQL injection or XSS) within request data, we can identify threats and block them or raise an alert as necessary.

3.3 In this module, the PyOD library is used to detect anomalies in network requests. By defining normal behaviour and flagging deviations, it helps in identifying evolving threats that might bypass traditional defences.

3.4 In the Data Loss Prevention (DLP) module, outgoing data is inspected for sensitive information, such as credit card details or personal data. This helps in blocking or responding immediately to any data leakage attempt.

3.5 This module uses the Python logging library to record all security events, providing real-time monitoring of the application's security status. Errors, warnings, and critical alerts are tracked, enabling efficient issue analysis and response.
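To make the signature module (3.2) and the anomaly module (3.3) concrete, here is an added example that is not the paper's code: a regex signature catalogue and a learned-normal profile run over constructed request strings, with the logging module (3.5) recording each block. The profile is a hand-rolled stand-in for the PyOD model the paper uses; the pattern names, the baseline traffic and the 0.2 threshold are assumptions.

```python
import logging
import re
log = logging.getLogger("waf")

# Signature catalogue for the regex module: name -> compiled pattern over decoded request text.
SIGNATURES = {
    "sqli_tautology": re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "sqli_union": re.compile(r"(?i)\bunion\b.+\bselect\b"),
    "xss_tag": re.compile(r"(?i)<\s*(script|img|iframe)\b"),
    "xss_handler": re.compile(r"(?i)\bon\w+\s*=\s*['\"]"),
}

def signature_hits(text: str) -> list[str]:
    """Names of every signature matching the text; an empty list means no known pattern."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

class NormalProfile:
    """Stand-in for the PyOD model (assumption): learn what benign traffic looks like and
    score how far a new request departs from it, without any signature."""
    def fit(self, samples: list[str]) -> "NormalProfile":
        self.chars = set("".join(samples))           # characters ever seen in normal traffic
        self.max_len = max(len(s) for s in samples)  # longest normal request
        return self

    def score(self, text: str) -> float:
        """0.0 for traffic shaped like the baseline; grows with unseen characters and excess length."""
        novel = sum(1 for c in text if c not in self.chars) / max(len(text), 1)
        excess = max(len(text) / self.max_len - 1.0, 0.0)
        return novel + excess

def inspect_request(profile: NormalProfile, text: str, threshold: float = 0.2) -> dict:
    """Run both detectors, log anything blocked, and return the verdict with its evidence."""
    hits = signature_hits(text)
    score = profile.score(text)
    verdict = "block" if hits or score > threshold else "allow"
    if verdict == "block":
        log.warning("blocked request: signatures=%s anomaly_score=%.2f", hits, score)
    return {"verdict": verdict, "signatures": hits, "anomaly_score": round(score, 2)}

# Constructed baseline of benign form submissions (not real traffic).
NORMAL_TRAFFIC = [f"user=alice{i}&page={i}&sort=date" for i in range(20)]
PROFILE = NormalProfile().fit(NORMAL_TRAFFIC)

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for sample in ["user=bob&page=3&sort=date",             # benign: allowed
                   "user=' OR '1'='1&page=1",               # known pattern: signature hit
                   "user=alice&page=1&note=" + "A" * 500]:  # no signature, but far from normal
        print(sample[:32], inspect_request(PROFILE, sample))
```

The third sample shows why the paper pairs the two detectors: no regex matches it, yet its length and character mix are nothing like the learned baseline, so the anomaly score alone blocks it.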

IV EXPERIMENTAL RESULT

A Web Application Firewall (WAF) is a critical component for safeguarding web applications from a range of malicious attacks, such as SQL injection, cross-site scripting (XSS), and unauthorized data access. In this project, we are building a WAF using Flask, a lightweight Python web framework, to enable efficient request filtering. The first module employs Flask to handle incoming HTTP requests and applies basic filtering rules, allowing the WAF to detect and block common patterns indicative of malicious activity. This foundation offers initial protection by preventing harmful traffic from reaching the web application, establishing a layer of defence against potential vulnerabilities.
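The request-filtering middleware of Sections 3.1 and IV together with the outbound DLP check of Section 3.4, as an added example that is not the paper's code: a WSGI middleware that rejects denylisted IPs and unexpected methods before the application runs, and withholds responses that contain a Luhn-valid card number. A Flask application object exposes its WSGI app as app.wsgi_app, so wrapping it as app.wsgi_app = WafMiddleware(app.wsgi_app) is the assumed deployment; the demo app, addresses and responses are constructed.

```python
import logging
import re
log = logging.getLogger("waf")
CARD_RX = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # 13-16 digits, optional space/hyphen separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; drops order or tracking numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)      # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Candidate card numbers in a response body that also pass the Luhn check."""
    return [m.group() for m in CARD_RX.finditer(text) if luhn_ok(re.sub(r"\D", "", m.group()))]

class WafMiddleware:
    def __init__(self, app, blocked_ips=(), allowed_methods=("GET", "POST")):
        self.app, self.blocked_ips, self.allowed = app, set(blocked_ips), set(allowed_methods)
    def __call__(self, environ, start_response):
        ip, method = environ.get("REMOTE_ADDR", ""), environ.get("REQUEST_METHOD", "")
        if ip in self.blocked_ips or method not in self.allowed:  # request filtering: app never runs
            log.warning("blocked %s from %s", method, ip)
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked by WAF"]
        captured = {}                                 # hold the app's status/headers until the body is checked
        def capture(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, headers
        body = b"".join(self.app(environ, capture)).decode("utf-8", "replace")
        if find_card_numbers(body):                   # DLP: stop sensitive data on the way out
            log.critical("DLP: withheld response to %s that contained a card number", ip)
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"response withheld by DLP"]
        start_response(captured["status"], captured["headers"])
        return [body.encode()]

def demo_app(environ, start_response):
    """Constructed upstream app; /export deliberately returns a Luhn-valid test card number."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    leak = environ.get("PATH_INFO") == "/export"
    return [b"customer=alice " + (b"card=4111 1111 1111 1111" if leak else b"order=2024-001")]

def run(app, method="GET", path="/", ip="198.51.100.7"):
    """Drive a WSGI app with a minimal constructed environ and return (status, body)."""
    seen, env = {}, {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": ip}
    body = b"".join(app(env, lambda status, headers, exc_info=None: seen.update(status=status)))
    return seen["status"], body.decode()

WAF = WafMiddleware(demo_app, blocked_ips={"203.0.113.9"})  # 203.0.113.0/24 is documentation space
```

Buffering the whole response for the DLP scan is fine for small API replies but adds latency on large downloads, which is the latency trade-off the literature review flags for filtering layers.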
V CONCLUSION

In conclusion, our web application firewall combines five key modules to deliver strong, multi-layered protection. Request Filtering with Flask acts as the initial barrier, blocking suspicious requests based on custom rules. Signature-Based Detection uses regex to recognize known attack patterns swiftly. To detect novel threats, Anomaly-Based Detection with PyOD identifies unusual behaviours that may indicate zero-day attacks. The Data Loss Prevention (DLP) module safeguards sensitive data by preventing potential leaks. Finally, Logging and Monitoring with Python's logging library ensures real-time tracking and detailed logs for prompt incident response and audit purposes.

Looking forward, we plan to enhance anomaly detection with advanced machine learning, add real-time threat intelligence for dynamic rule updates, and integrate centralized logging with API support for microservices. These improvements will further strengthen the firewall's adaptability and effectiveness.

VI REFERENCES

[1] Dafydd Stuttard, Marcus Pinto; "The Web Application Hacker's Handbook", Wiley, 2021. (IF: 5.2) 115.

[2] John Stauffacher; "Web Application Firewalls: A Practical Approach", Pearson, 2024. (IF: 4.8) 53.

[3] Aladi Clement C.; "Web Application Security: A Pragmatic Exposé", CRC Press, 2024. (IF: 4.9) 61.

[4] Kurt Hulet; "Web Application Security Testing Cookbook", O'Reilly Media, 2022. (IF: 4.5) 89.

[5] M Calvo, M Beltrán - SECRYPT, 2022 - scitepress.org.

[6] S Applebaum, T Gaber, A Ahmed - Procedia Computer Science, 2021 - Elsevier.

[7] TCH Nguyen, MK Le-Nguyen, DT Le, VH Nguyen… - SN Computer …, 2022 - Springer.

[8] SV Pingale, SR Sutar - … Data Science, Machine Learning and Applications, 2022 - Springer.

[9] ID Wiradyaksa, DH Putri, RM Iqbal… - 2024 8th …, 2024 - ieeexplore.ieee.org.

[10] AWS - Guidelines for Implementing AWS WAF (2024).

[11] Cloudflare - The Complete Guide to Web Application Firewalls (2023).

[12] Radware - Securing Applications with Web Application Firewalls (2022).

[13] Rohith, Ridhwan, Naveen Kishore; "Web Application Firewall Using Machine Learning", 2024.

[14] "Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks" (2023).

[15] Sanjay Bahl; "Web Application Security: A Beginner's Guide", McGraw-Hill, 2023. (IF: 4.1) 72.

[16] Ryan Barnett; "ModSecurity Handbook", Feisty Duck Ltd., 2022. (IF: 4.7) 76.

[17] Michael Howard; "Writing Secure Code", Microsoft Press, 2021. (IF: 5.0) 108.