Text
Uji kapabilitas Web Application Firewall (WAF): Shadow Daemon, RaptorWAF, OctopusWAF pada web server menggunakan Waf-Bypass dan Load Testing
Kerentanan pada web server dapat dimitigasi dengan memasang Web Application Firewall (WAF). WAF berfungsi untuk memantau, menyaring, dan memblokir paket data yang terindikasi sebagai malicious request. Terdapat beberapa aplikasi WAF yang tersedia secara gratis seperti Shadow Daemon, RaptorWAF, dan OctopusWAF, tentunya dengan karakteristik dan spesifikasi yang berbeda-beda. Untuk memilih WAF yang sesuai dengan kebutuhan, diperlukan data atau informasi terkait kapabilitas WAF tersebut. Pada penelitian ini dilakukan pengujian kapabilitas beberapa aplikasi WAF dengan menggunakan tiga skema yaitu pengujian menggunakan waf-bypass, load testing, dan penilaian kriteria berdasarkan WAFEC dengan menerapkan rules bawaan atau default dari masing-masing aplikasi WAF. Pengujian dilakukan untuk mengetahui performa, kesesuaian kriteria WAF, dan ketahanan aplikasi WAF dalam mencegah serangan. Hasil pengujian menunjukkan bahwa WAF Shadow Daemon unggul pada parameter data transferred, throughput, dan concurrency sehingga WAF Shadow Daemon juga mendapatkan nilai tertinggi pada 2 kriteria WAFEC yaitu pada kriteria maximum throughput per second dan maximum number of concurrent connections. RaptorWAF unggul pada parameter transaction dan transaction rate sehingga RaptorWAF juga mendapatkan nilai tertinggi pada 2 kriteria WAFEC yaitu pada kriteria maximum new connections per second dan maximum request per second. OctopusWAF unggul pada nilai kapabilitas akurasi, presisi, recall, f-measure, dan latency sehingga OctopusWAF juga mendapatkan nilai paling baik pada WAFEC kriteria request latency. --
Vulnerabilities on the web server can be mitigated by installing a Web Application Firewall (WAF). WAF functions to monitor, filter, and block data packets that indicated as malicious requests. There are several WAF applications available for free such as Shadow Daemon, RaptorWAF, and OctopusWAF, of course with different characteristics and specifications. To choose the WAF that suits with your needs, data or information related to the WAF's capabilities is needed. In this study, the capability of several WAF applications was tested using three schemes, namely testing using waf-bypass, load testing, and evaluating criteria based on WAFEC by applying the default rules of each WAF application. The tests were carried out to determine the performance, suitability of the WAF criteria, and the resilience of the WAF application in preventing attacks. The test results show that the WAF Shadow Daemon excels on the parameters of the transferred data, throughput, and concurrency so that the WAF Shadow Daemon also gets the highest score on the 2 WAFEC criteria, namely the criteria for maximum throughput per second and maximum number of concurrent connections. RaptorWAF excels in transaction and transaction rate parameters, so RaptorWAF also gets the highest score on 2 WAFEC criteria, namely the criteria for maximum new connections per second and maximum requests per second. OctopusWAF excels in the value of accuracy, precision, recall, f-measure, and latency capabilities so that OctopusWAF also gets the best score on the WAFEC request latency criteria.
Availability
Detail Information
- Series Title
-
-
- Call Number
-
2022 EGA u
- Publisher
- Bogor : Politeknik Siber dan Sandi Negara., 2022
- Collation
-
xiv, 85 hlm.
- Language
-
Indonesia
- ISBN/ISSN
-
--
- Classification
-
--
- Content Type
-
-
- Media Type
-
-
- Carrier Type
-
-
- Edition
-
--
- Subject(s)
- Specific Detail Info
-
-
- Statement of Responsibility
-
Ega Bagus Wibowo
Other version/related
No other version available
File Attachment
Comments
You must be logged in to post a comment
Computer Science, Information & General Works 
Philosophy & Psychology 
Religion 
Social Sciences 
Language 
Pure Science 
Applied Sciences 
Art & Recreation 
Literature 
History & Geography