Analyzing web application vulnerability tests using Firewall/Intrusion Detection System

This study investigates web application vulnerabilities by analyzing attacks through the use of firewall and Intrusion Detection System (IDS). The attacks that were used to test against web services in this study includes reconnaissance attacks such as Ping Sweeping and TCP SYN port scanning, access attack such as SQL Injection, and denial-of-service attack such as TCP flooding. This study uses an open-source firewall, Vyatta VC6.4, which is bundled with packet analyzer, WireShark, and IDS, SNORT. Its main function is to perform proactive and reactive security functions to protect the Apache 2.0 web server within its internal network. Malicious packets that attempt to reach the web server are analyzed by the packet analyzer. Profile and characteristics are then derived from the observations done in the analysis. These profiles will then be used to design and implement an analysis framework. The author assumes two roles in this study; a hacker and administrator. The author follows the appropriate steps that an attacker would undertake to infiltrate the web server. This is done by launching host discovery attack first, followed by service discovery attack, and then either access attack to by-pass authentication service, or denial-of-service attack to take down the web server. All attacks conducted in this study are done in a controlled virtual environment running on VMware. As this study involves various attacks, the resulting analysis and framework for each attack differs from one another. Hence, the experiments of each attack are carried out independently, forming a chapter of its own. The analysis of each chapter is presented in tables and figures format within their own respective sections. With independent observations and analysis gathered from the different chapters, the author proposed an analysis framework that could effectively assist the analysis of web vulnerability attacks.