Evaluation of Open-source Web Application Firewalls for Cyber Threat Intelligence

Bibliographic details
Main authors: Chakir, Oumaima, Sadqi, Yassine, Maleh, Yassine
Format: Book chapter
Language: eng
Online access: Full text
Description
Summary: One of the most well-known attack detection and prevention systems for web application security is the web application firewall. In this chapter, we present a study on the effectiveness of the most popular and widely used open-source web application firewalls, named AQTRONIX Webknight v4.4 and ModSecurity v3.0.4, within the four paranoia levels of CRS v3.3.0. According to the experimental results based on the Payload All The Thing and CSIC HTTP 2010 datasets, AQTRONIX Webknight is an effective system for securing web applications against attacks, having identified all the attacks launched with a recall value of 98.5%. It has, however, produced a high false positive rate, with a value of 99.6%. Furthermore, ModSecurity capability is dependent on the PL of CRS configured. We discovered that as PL increases, so does the number of recognized assaults. Unlike the other levels, ModSecurity had a high false positive rate at level 4, with a value of 60.3%.
DOI:10.1201/9781003373384-3