<![CDATA[The increasing number of cyberattacks targeting web applications has made security a critical concern, with vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Broken Authentication, and Cross-Site Request Forgery (CSRF) remaining prevalent in the OWASP Top 10. These threats can lead to data breaches, service disruption, and reputational damage if not properly mitigated. To address this issue, an infrastructure combining Open-AppSec Web Application Firewall (WAF) and Varnish Cache Content Delivery Network (CDN) was implemented on a Moodle-based e-learning platform within a virtualized Proxmox VE environment. Security testing was conducted using OWASP ZAP and Burp Suite under two scenarios: without WAF and with WAF. In the first scenario, OWASP ZAP detected multiple vulnerabilities, and Burp Suite confirmed successful exploitation with 200 OK responses. In the second scenario, all vulnerabilities were eliminated, and all simulated attacks returned 403 Forbidden responses, indicating complete mitigation. Performance tests revealed a manageable overhead, with throughput reaching 115.4 req/sec at 1000 concurrent users, accompanied by a slight increase in response time and latency. These results demonstrate that integrating Open-AppSec with CDN infrastructure can effectively protect against application-layer attacks while maintaining optimal content delivery performance. Limitations of this study include testing within a simulated environment; therefore, future work could validate these findings on larger-scale systems and with real-world traffic to assess broader generalizability.]]>
Copyrights © 2025
