Authors: Trapti Jain, Nakul Jain
Published in: 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN)
Publication date: 2019-03-01
DOI: 10.1109/SPIN.2019.8711673 (https://doi.org/10.1109/SPIN.2019.8711673)
Citation count: 7
Platform: Semanticscholar
Framework for Web Application Vulnerability Discovery and Mitigation by Customizing Rules Through ModSecurity
In the current era, digitization has moved day-to-day utilities, from booking a cab to buying groceries, onto the internet. All service providers rely heavily on IT and IT services, and web applications play a significant role in delivering them. While digitization opens infinite opportunities to increase business and enhance delivery, it also exposes the business to an unseen world of cyber-attacks. To protect the business from digital dysfunction, organizations proactively and continuously perform Vulnerability Assessments & Penetration Tests on their IT assets (e.g. web applications, network devices, servers and security devices). However, such scans are quite often time-consuming and generate unreliable results, and no single tool reliably identifies the actual vulnerabilities. With a set of tools combined in one framework, it is possible to increase the coverage of vulnerability issues. The aim of the research is to present two approaches: (1) web application vulnerability discovery through a set of web application vulnerability scanners integrated into a single framework (with Python as the scripting engine), using multi-threading to reduce the scan time; (2) mitigation of the detected web application vulnerabilities by customizing configuration rules in the web application firewall ModSecurity.