Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/3227
Title: Open Source Security Model for Web Based Applications
Authors: Wijesinghe, H.B.S.J.
Issue Date: 8-Jul-2015
Abstract: Web applications have become mainstream, and organizations are increasingly considering more web applications in their IT application infrastructures. Web applications bring significant business benefits such as rapid deployment, easy access, seamless upgradability, improved availability and reduced cost. The recognized challenges of web applications are the potential security risks arising from coding, the programming platform, and inadequate protection by traditional monitoring and protection technologies. Researchers have proposed various firewalls and Intrusion Detection Systems (IDS) for web application infrastructures. Most of this research concerns signature-based intrusion detection, and the two commonly discussed approaches are host-based and network-based IDS. Application-layer attacks may pass through an IDS undetected, and the IDS may generate false alarms, because it operates at the network layer and lacks an understanding of application-layer behavior. This thesis discusses the security issues of web application infrastructures, examines conventional and modern monitoring techniques and their issues, and finally proposes an architecture, including a prototype implementation of a web application security model and an attack generation system. The prototype demonstrates technologies commonly used for attack detection, high availability, payload inspection and traffic anomaly detection, such as Web Application Load Balancing, Reverse Proxy Approach, SSL Decryption, IP-based White-list/Black-list, Browser Client-based Authorization, HTTP/HTTPS Connection Control, HTTP/HTTPS Transaction Limiting, Operational Performance Monitoring, HTTP Protocol Protection and Generic Web Attack Protection. The proposed prototype system includes an attack and traffic generation system, and the thesis presents a hypothetical and experimental evaluation of the proposed architecture.
This approach isolates firewalling and intrusion detection from the host, offloading these security functions from it and moving them to separate hardened hosts.
URI: http://hdl.handle.net/123456789/3227
Appears in Collections: Master of Science in Information Security - 2015

Files in This Item:
File: 2010MIS024.pdf
Description: Restricted Access
Size: 2.64 MB
Format: Adobe PDF


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.