Usability of software intrusion-detection system in web applications

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F70883521%3A28140%2F13%3A43868694" target="_blank" >RIV/70883521:28140/13:43868694 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-642-33018-6_16" target="_blank" >http://dx.doi.org/10.1007/978-3-642-33018-6_16</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-642-33018-6_16" target="_blank" >10.1007/978-3-642-33018-6_16</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Usability of software intrusion-detection system in web applications

Popis výsledku v původním jazyce

This article is focused on the security solution based on intrusion detection idea, which should be independent of the web server type or configuration and do not rely on the other network hardware components. Discussed intrusion detection system solution is connected directly with the web application and is based on the real-time request analysis. The main opportunities of proposed principle are very low cost and simple implementation. Proposal is based on implementation of LGPL library PHPIDS [https://phpids.org/] into the demo application which consists of simple web form for testing. Integration of PHPIDS library was tested against the main web security flaws - SQL Injection, Cross Site Scripting, and HTTP Parameter Pollution. On this demo application, simple stress tests were performed and also level of security was evaluated. Moreover, suggestions for future improvements of this security solution are discussed.

Název v anglickém jazyce

Usability of software intrusion-detection system in web applications

Popis výsledku anglicky

This article is focused on the security solution based on intrusion detection idea, which should be independent of the web server type or configuration and do not rely on the other network hardware components. Discussed intrusion detection system solution is connected directly with the web application and is based on the real-time request analysis. The main opportunities of proposed principle are very low cost and simple implementation. Proposal is based on implementation of LGPL library PHPIDS [https://phpids.org/] into the demo application which consists of simple web form for testing. Integration of PHPIDS library was tested against the main web security flaws - SQL Injection, Cross Site Scripting, and HTTP Parameter Pollution. On this demo application, simple stress tests were performed and also level of security was evaluated. Moreover, suggestions for future improvements of this security solution are discussed.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

—

Návaznosti

V - Vyzkumna aktivita podporovana z jinych verejnych zdroju

Rok uplatnění

2013

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

International Joint Conference CISIS ´12-ICEUTE ´12-SOCO ´12

ISBN

978-3-642-33017-9

ISSN

2194-5357

e-ISSN

—

Počet stran výsledku

8

Strana od-do

159-166

Název nakladatele

Springer-Verlag Berlin

Místo vydání

Heidelberg

Místo konání akce

Ostrava

Datum konání akce

5. 9. 2012

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—