Experimental study of ModSecurity web application firewalls

  • Author(s) / Creator(s)
  • Risks related to web security are too important to be ignored. The Open Web Application Security Project (OWASP) maintains a document that ranks the top 10 common threats. Although not an official standard, it is widely acknowledged in the classification of vulnerabilities. This paper evaluates the effectiveness of the ModSecurity web application firewall with the OWASP Core Rule Set (CRS) version 3.2, released in September 2019, at detecting known web security risks. It aims to provide insight into the detection capability of ModSecurity with CRS v3.2 at the default level, how well it can protect a web server against Denial of Service (DoS) attacks, and performance on the web server in terms of throughput (the average number of bytes transmitted every second), transaction rate (the number of hits), and concurrency (the average number of parallel connections, which increases as server efficiency declines). In addition, it provides recommendations on areas of improvement and future research.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International