IEEE Access (Jan 2024)

PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention

  • Antonio Coscia,
  • Vincenzo Dentamaro,
  • Stefano Galantucci,
  • Antonio Maci,
  • Giuseppe Pirlo

DOI
https://doi.org/10.1109/ACCESS.2024.3438092
Journal volume & issue
Vol. 12
pp. 107689 – 107703

Abstract

A web application is exposed to security threats because of its open nature. Securing these platforms is imperative for organizations of all sizes because they store sensitive information; consequently, exploiting web application vulnerabilities can result in large-scale data breaches and significant brand and financial damage. SQL injection (SQLi) is a popular attack vector that malicious actors use to compromise website security, and web application firewalls (WAFs) play a primary role in preventing this class of attack. In the recent literature, several advances have been proposed in the field of WAF enhancement to prevent SQLi exploitation. However, many of them test the effectiveness of a WAF without releasing a patch to fix the security flaws if the WAF is bypassed; in other cases, the patch is distributed exclusively in the rule syntax of the WAF tested. This paper introduces a framework that leverages a PROxy Grammar to Enhance web application firewalls for SQL Injection prevention (PROGESI). The proposed solution acts as an intermediary layer between the targeted web server and the incoming application-level requests. Specifically, PROGESI can be used on its own or in combination with a WAF and includes a set of rules that patch the SQLi vulnerabilities exposed by a specific web server. Furthermore, it can identify and mitigate SQLi attempts even when attackers use mutation techniques, since the rules encompass generalization mechanisms. The experiments revealed two strengths of PROGESI: (i) the ability to identify SQLi even in the presence of server-side defense mechanisms, which increases as the generalization rate implemented by the rule generation algorithm increases; (ii) impressive detection performance even for low generalization rate values, higher than that achieved by competitors on a state-of-the-art SQLi dataset.

Keywords