期刊名称:International Journal of Advanced Networking and Applications
电子版ISSN:0975-0290
出版年度:2010
卷号:1
期号:5
页码:315-318
出版社:Eswar Publications
摘要:Most of the applications now -a-days are developed web based. The applications of public access are highly exposed to security threats. The increasing number of web based attacks which result in loss of data and unauthorized access to application has drawn the attention of organizations toward web application security. The most commonly employed defense mechanism is to use solutions that rely on security service tools like firewalls, intrusion detection and prevention systems etc. Most of the com monly used tools such as SNORT are based upon the payload inspection that detects an attack by searching for the occurrence of known signature patterns in the packet. But using these devices for protecting web applications against common input based attacks is an inefficient process. It consumes a significant am ount of time, memory and CPU cycles for each packet while scanning through a list of rules. Implementing security features within applications' logic is an effective alternative. In this paper we analyz ed the performance of two experimental web applications, one with security implemented within the code and the other checked by external security system called SNORT using a web application testing tool (WAPT 3.0). Our experiment showed that the application with secure code showed better performance statistics in terms of response time. The paper also discusses various issues regarding the use of security devices as protection against application layer attacks
关键词:web applications; security; intrusion detection and prevention; snort