Web application protection techniques: A taxonomy
Abstract
The growing popularity of web applications makes them an attractive target for malicious users. Large amounts of private data commonly processed and stored by web applications are a valuable asset for attackers, resulting in more sophisticated web-oriented attacks. Therefore, multiple web application protections have been proposed. Such protections range from narrow, vector-specific solutions used to prevent some attacks only, to generic development practices aiming to build secure software from the ground up. However, due to the diversity of the proposed protection methods, choosing one to protect an existing or a planned application becomes an issue of its own.

This paper surveys the web application protection techniques, aiming to systematise the existing approaches into a holistic big picture. First, a general background is presented to highlight the issues specific to web applications. Then, a novel classification of the protections is provided. A variety of existing protections is overviewed and systematised next, followed by a discussion of current issues and limitations inherent to the existing protection methods. Finally, the overall picture is summarised and potentially beneficial future research lines are discussed.
