Security automation for web-based attacks

One of the most emerging innovations of the last years is the security automation of networks. Various technologies have been developed to streamline all security processes within different network environments. Two significant advancements in this field are SDN (Software-Defined Network) and NFV (Network Function Virtualization), which have elevated automation to a central role in cybersecurity. These technologies enable the construction of networks where certain nodes are not tied to specific hardware but are instead virtualized, allowing them to deploy network functions through software. Within this context, the VEREFOO (VErified REfinement and Optimized Orchestration) framework has been developed; it is capable of obtaining an automated and optimal allocation of some NSFs (Network Security Functions), necessary to fulfil a set of NSRs (Network Security Requirements) provided as input, starting from a logical description of the network topology. VEREFOO ensures optimality and formal correctness of its solutions through the formulation of a MaxSMT problem solved efficiently by z3, a theorem prover developed by Microsoft Research. This thesis goal is to enhance VEREFOO by designing and implementing a solution capable of automatically configuring and deploying Web Application Firewalls within a network. Web Application Firewalls are firewalls which, in addition to regular filtering rules, specialize in web traffic and web applications. This thesis specifically focuses on the defense against web- based attacks, which are becoming increasingly frequent and sophisticated. By utilizing a Web Application Firewall as virtual network function, and exploiting the ModSecurity Core Rule Set, the proposed solution aims to protect web applications from a wide range of threats such as SQL injection and XSS.