METHODOLOGY FOR DEVELOPING A WEB APPLICATION FIREWALL

Bibliographic details
Date: 2025
Authors: Khamdamov, R.Kh., Kerimov, K.F., Ibrahimov, J.O.
Format: Article
Language: Ukrainian
Published: V.M. Glushkov Institute of Cybernetics of NAS of Ukraine 2025
Online access: https://jais.net.ua/index.php/files/article/view/658
Journal title: Problems of Control and Informatics

Repositories

Problems of Control and Informatics
Description
Abstract: The development of web-resources indicates that there are no uniform standards for the development of secure web-applications, which can lead to errors and the appearance of vulnerabilities in web-applications. A vulnerable web-application can be easily hacked without using specialized tools, only using a browser. In the world there are a huge number of web-applications running PHP. Information security threats are so diverse that traditional remedies are not always effective. Based on a comprehensive analysis of security threats for web-applications, a web-application firewall based on the PHP language has been proposed. The developed web-application firewall consists of 4 subsystems: a threat detection subsystem, an audit subsystem, a configuration subsystem, and an interactive subsystem. Each subsystem performs certain functions to protect the web-application from information security threats. The proposed solution works as a proxy server and checks all incoming traffic to the web-application, which allows one to fully control all incoming requests. If destructive requests are detected, they are blocked, and the administrator is notified of the current attack on the web-application. Test results show that the firewall can effectively block various malicious attacks at the application level, such as SQL Injection, Remote Code Execution (RCE), Cross Site Scripting (CSS), Cross Site Request Forgery (CSRF), Remote File Inclusion (RFI), Local File Inclusion (LFI), Auth Bypass (authorization bypass), Bruteforce (password guessing), etc., as well as comprehensively protect web-applications.