SPARTA Publications
All accepted publications from SPARTA partners under its funding.
WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs
Luca Demetrio, Gabriele Costa, Andrea Valenza and Giovanni Lagorio
Abstract: Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs are catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer their rules through a learning process. In this paper, we present WAF-A-MoLE, a WAF breaching tool. It uses guided mutational-based fuzzing to generate adversarial examples. The main applications include WAF penetration testing, benchmarking and hardening.