Date of Publication


Document Type

Master's Thesis

Degree Name

Master in Information Security

Subject Categories

Information Security


College of Computer Studies


Computer Technology

Thesis Advisor

Fritz Kevin S. Flores

Defense Panel Chair

Gregory G. Cu

Defense Panel Member

Katrina Ysabel C. Solomon
Fritz Kevin S. Flores


The continuing and rapid evolution of technology, evident during the global pandemic, has opened various opportunities for businesses: everyone can easily access their public or private information, people can work remotely, and transactions can be conducted online. Cybercriminals have taken advantage of this opportunity as well, exploiting publicly exposed web applications or servers to infiltrate systems and eventually expose data, which could impact users and organizations alike. Given the shift toward rapid web development and these technologies, most organizations that host and deploy these web applications and servers often overlook security and accessibility, which opens vulnerabilities to these cyber attacks. In addition, most organizations tend to neglect security because of the additional overhead and costs. Using existing open-source web application firewalls is therefore ideal for any organization that wants to detect and prevent web-specific attacks without sacrificing cost or usability, while adding a layer of security alongside other implemented security tools such as network firewalls and intrusion detection systems. This study explores the advantages and disadvantages of an open-source web application firewall. A vulnerability assessment and several penetration tests are conducted against common web vulnerabilities to validate the firewall's effectiveness in detecting and preventing web application attacks. The study also covers its implementation, including hardening the system and optimizing the performance of the web application through load balancing and high availability.

Abstract Format



Capstone paper (CCS Capstone Project)





Physical Description

120 leaves


Web applications; Firewalls (Computer security)



Embargo Period