{"id":"https://openalex.org/W1973303241","doi":"https://doi.org/10.1108/imcs-11-2012-0064","title":"Estimates on the effectiveness of web application firewalls against targeted attacks","display_name":"Estimates on the effectiveness of web application firewalls against targeted attacks","publication_year":2013,"publication_date":"2013-10-07","ids":{"openalex":"https://openalex.org/W1973303241","doi":"https://doi.org/10.1108/imcs-11-2012-0064","mag":"1973303241"},"language":"en","primary_location":{"id":"doi:10.1108/imcs-11-2012-0064","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-11-2012-0064","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management & Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103165985","display_name":"Hannes Holm","orcid":null},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Hannes Holm","raw_affiliation_strings":["Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden","(Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden)"],"affiliations":[{"raw_affiliation_string":"Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"(Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden)","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5005761737","display_name":"Mirjam Ekstedt","orcid":"https://orcid.org/0000-0002-4108-391X"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Mathias Ekstedt","raw_affiliation_strings":["Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden","(Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden)"],"affiliations":[{"raw_affiliation_string":"Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"(Industrial Information and Control Systems, The Royal Institute of Technology, Stockholm, Sweden)","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5103165985"],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":1.0874,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.78884896,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"21","issue":"4","first_page":"250","last_page":"265"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5251359939575195},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5006701946258545},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.39771682024002075},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3687419593334198},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.36717480421066284}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5251359939575195},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5006701946258545},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.39771682024002075},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3687419593334198},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.36717480421066284}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/imcs-11-2012-0064","is_oa":false,"landing_page_url":"https://doi.org/10.1108/imcs-11-2012-0064","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management & Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W83876155","https://openalex.org/W1495864704","https://openalex.org/W1982950099","https://openalex.org/W1996080364","https://openalex.org/W1999436718","https://openalex.org/W2008681738","https://openalex.org/W2009083767","https://openalex.org/W2012802935","https://openalex.org/W2053597171","https://openalex.org/W2054250639","https://openalex.org/W2065461065","https://openalex.org/W2079025608","https://openalex.org/W2111284364","https://openalex.org/W2121558310","https://openalex.org/W2132811257","https://openalex.org/W2145482311","https://openalex.org/W2156204309","https://openalex.org/W2159306398","https://openalex.org/W2678934292","https://openalex.org/W4248996458","https://openalex.org/W4388156124"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W2350741829","https://openalex.org/W2530322880","https://openalex.org/W1596801655"],"abstract_inverted_index":{"Purpose":[0],"\u2013":[1,75,111,159,188,238],"The":[2,99,112,160,189,223],"purpose":[3],"of":[4,12,29,80,101,120,153,169,191,198,214,220,225,260,263],"this":[5,261],"paper":[6],"is":[7,34,60,123,135,142,269],"to":[8],"estimate":[9],"the":[10,39,52,55,58,72,78,116,154,166,192,207,218,258],"effectiveness":[11,79,219,259],"web":[13,97],"application":[14],"firewalls":[15],"(WAFs)":[16],"at":[17],"preventing":[18],"injection":[19],"attacks":[20],"by":[21,90,183],"professional":[22,171],"penetration":[23,172],"testers":[24],"given":[25],"presence":[26,224],"or":[27],"absence":[28],"four":[30],"conditions:":[31],"whether":[32,41,54,65],"there":[33,146],"an":[35,42,61,199,226],"experienced":[36,62],"operator":[37,227],"monitoring":[38,228],"WAF;":[40,53],"automated":[43,200],"black":[44,201],"box":[45,202],"tool":[46,203],"has":[47,68,230],"been":[48,69,130],"used":[49],"when":[50],"tuning":[51,57,71,194,205,212],"individual":[56],"WAF":[59,122],"professional;":[63],"and":[64,206],"significant":[66],"effort":[67,209],"spent":[70,210],"WAF.":[73,185,222],"Design/methodology/approach":[74],"Estimates":[76],"on":[77,211,234],"WAFs":[81],"are":[82,104,147,162,213,241],"made":[83],"for":[84,165,178,204,217],"16":[85],"operational":[86,267],"scenarios":[87,268],"utilizing":[88],"judgments":[89,100],"49":[91],"domain":[92],"experts":[93,103],"participating":[94],"in":[95,250],"a":[96,121,170,180,184,195,221,244],"survey.":[98],"these":[102],"pooled":[105],"using":[106],"Cooke's":[107],"classical":[108],"method.":[109],"Findings":[110],"results":[113,161],"show":[114],"that":[115],"median":[117,139],"prevention":[118,140],"rate":[119,141],"80":[124],"percent":[125],"if":[126],"all":[127],"measures":[128],"have":[129],"employed.":[131],"If":[132],"no":[133,148],"measure":[134],"employed":[136],"then":[137],"its":[138,235],"25":[143],"percent.":[144],"Also,":[145],"strong":[149],"dependencies":[150],"between":[151],"any":[152],"studied":[155],"measures.":[156],"Research":[157],"limitations/implications":[158],"only":[163],"valid":[164],"attacker":[167],"profile":[168],"tester":[173],"who":[174],"prepares":[175],"one":[176],"week":[177],"attacking":[179],"WA":[181,239],"protected":[182],"Practical":[186],"implications":[187],"competence":[190],"individual(s)":[193],"WAF,":[196],"employment":[197],"manual":[208],"great":[215],"importance":[216],"it":[229],"minor":[231],"positive":[232],"influence":[233],"effectiveness.":[236],"Originality/value":[237],"vulnerabilities":[240],"widely":[242],"considered":[243],"serious":[245],"concern.":[246],"To":[247],"manage":[248],"them":[249],"deployed":[251],"software,":[252],"many":[253],"enterprises":[254],"employ":[255],"WAFs.":[256],"However,":[257],"type":[262],"countermeasure":[264],"under":[265],"different":[266],"largely":[270],"unknown.":[271]},"counts_by_year":[{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}