Exploring and Improving the Usability of ModSecurity Web Application Firewall

Murat Alagoz, Mevlut Serkan Tok, Kemal Bicakci

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

ModSecurity is an open-source web application firewall. Correct configuration is key to its effective operation but could be tricky, since usability flaws could lead to errors and misconfiguration, threatening security and availability. In this study, we first conduct a usability inspection of ModSecurity through a hybrid approach consisting of heuristic evaluation and cognitive walkthrough. We find that ModSecurity gives no feedback for semantic errors or successful rule implementation during the rule entry process, and that the web server goes down if there is a syntax error in any implemented rule. We propose a rule checking and feedback mechanism to mitigate these drawbacks. Then, we perform a between-subjects user study to evaluate the effectiveness and usability of our proposed method. The results indicate that the unsuccessful rule entry rate and syntax error-related web server downtime are significantly reduced with the rule checking and feedback mechanism introduced to ModSecurity. Thereby, we improve ModSecurity's effectiveness as well as the level of security and availability of ModSecurity-protected web servers.

Original language: English
Title of host publication: 14th International Conference on Information Security and Cryptology, ISCTURKEY 2021 - Proceedings
Editors: Seref Sagiroglu, Sedat Akleylek, Mustafa Alkan, Ferruh Ozbudak, Yavuz Canbay, Ertugrul Karacuha, Ali Aydin Selcuk
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 51-56
Number of pages: 6
ISBN (Electronic): 9781665407762
DOIs
Publication status: Published - 2021
Event: 14th International Conference on Information Security and Cryptology, ISCTURKEY 2021 - Ankara, Turkey
Duration: 2 Dec 2021 → 3 Dec 2021

Publication series

Name: 14th International Conference on Information Security and Cryptology, ISCTURKEY 2021 - Proceedings

Conference

Conference: 14th International Conference on Information Security and Cryptology, ISCTURKEY 2021
Country/Territory: Turkey
City: Ankara
Period: 2/12/21 → 3/12/21

Bibliographical note

Publisher Copyright:
© 2021 IEEE.
