Automated rules generation into Web Application Firewall using Runtime Application Self-Protection

With the increasing number of web applications on the industrial market, many related vulnerabilities have been discovered. Since these applications are not always fixable, cybersecurity experts use different solutions to protect them without modifying them. One of the most efficient solutions is to employ a WAF and a RASP to protect them. This gives us two lines of defence to protect ourselves from vulnerabilities. Currently, these solutions do not communicate directly with each other to improve the security in depth. This report aims to show a way to make the two tools communicate, and to improve the WAF using the RASP in order to improve the security level of this solution. Actually, by creating automatic WAF rules targeting certain types of attacks, it is possible to create this kind of solution while avoiding false positives and false negatives. Therefore, this type of new solution could become the basis of a better application security.