A new taxonomy of Web attacks suitable for efficient encoding

Web attacks, i.e. attacks exclusively using the HTTP/HTTPS protocol, are rapidly becoming one of the fundamental threats for information systems connected to the Internet. When the attacks suffered by Web servers through the years are analyzed, it is observed that most of them are very similar, using a reduced number of attacking techniques. It is generally agreed that classification can help designers and programmers to better understand attacks and build more secure applications. As an effort in this direction, a new taxonomy of Web attacks is proposed in this paper, with the objective of obtaining a useful reference framework for security applications. The use of the taxonomy is illustrated by means of multiplatform real world Web attack examples. Along with this taxonomy, important features of each attack category are discussed. A semantic-dependent

Web attack encoding scheme is also defined that, together with the taxonomy, can be used to process the attack information with low time and memory consumption. Applications of the taxonomy and the encoding scheme are described, such as intrusion detection systems and application firewalls.