Kurambaev Y.B.
CYBER SECURITY FEATURES OF FIREWALLS FOR WEB APPS *
Аннотация:
this article discusses the features of the development of digital technologies in the protection of applications and information. A cross-sectional and comparative analysis of the impact of choosing the direction of cybersecurity development was carried out. Recommendations are given for the implementation of developments in the development of technologies
Ключевые слова:
analysis, method, research, cybersecurity
УДК 004.738
Kurambaev Y.B.
Lecturer at the Department of Artificial Intelligence and Cybersecurity
Engineering and Technology University of Turkmenistan named after Oguzhana
(Turkmenistan, Ashgabat)
CYBER SECURITY FEATURES OF FIREWALLS FOR WEB APPS
Abstract: this article discusses the features of the development of digital technologies in the protection of applications and information. A cross-sectional and comparative analysis of the impact of choosing the direction of cybersecurity development was carried out. Recommendations are given for the implementation of developments in the development of technologies.
Key words: analysis, method, research, cybersecurity.
Web application security is a branch of information security that provides protection for web pages and web applications. Web application security differs from other branches of information security in that it focuses on vulnerabilities in software code that are discovered in real time by users on the Internet. Most attacks on web servers are made through firewalls and HTTP (80) or HTTPS (443) ports.
In addition to traditional firewalls, various solutions are used at the application level to ensure the security of web applications. This includes external tools such as web application scanners (WAS) and firewalls (WAF).
A WAF, or web application firewall, is the first line of defense between software and Internet traffic. Monitors and filters Internet traffic to block traffic and malicious referrals. WAF is one of the best and most cost-effective ways to detect vulnerabilities in software and protect them before they find malicious applications. Other security measures, such as web scanners, are capable of effectively finding vulnerabilities. A managed WAF enables custom rules, prevents business logic errors, guarantees no false positives, and protects your applications from everyday threats and DDoS attacks.
Web Application Firewalls (WAFs) are hardware (technology) or software designed to monitor website traffic with the ability to intercept server browser operations. WAFs use a set of filtering rules in the form of a white (marked) list, a black (unmarked) list, or a combination of the two, to distinguish normal user access from unauthorized access. By default, WAF only forwards referrals to programs that are classified as requests. Unregistered, i.e. unclassified, addresses are often blocked and disallowed. Creating a set of filter rules is difficult, because on the one hand, if the WAF blocks common requests (false positives), even if they are allowed, some software will not work. On the other hand, if the WAF does not block all incoming calls (false negatives), an attacker can bypass the WAF and exploit a vulnerability in the application. A positive filter allows valid addresses based on the trusted server's registered set (whitelist) of how to communicate; this prevents unauthorized access to protected servers. An attribute-based filter uses positive logic rules, but allows variables to be included in the rule set. Variable values are set dynamically at the user level. A disadvantage of positive filters is the need for a large database of vulnerabilities based on regular expression rules. This results in low throughput, requires more resources, and makes it difficult to adapt to large web systems. By reducing the number of rules to improve throughput, the quality of vulnerability detection decreases. WAF technology WAFs are developed using artificial intelligence techniques (artificial neural networks, hybrid logic) to improve performance.
Functionality of WAF
WAFs are deployed as hardware, software, or through the cloud and operate under specific rules. These rules tell the WAF firewall what vulnerabilities, flaws, traffic to look for, what to do when vulnerabilities are found, etc. he says. In other words, it is a set of rules that allow a WAF to protect web applications and servers from attacks. So, based on these rules, the web software firewall continues to scan the web applications and GET and POST requests it receives to detect and filter malicious activities and requests. It is important to note that WAF not only analyzes the headers, but also the content of all packets to block illegal traffic, WAF smart firewalls even send requests to prove that the user is not a bot. When vulnerabilities are found in the software, the WAF immediately closes them to prevent attackers (bots attacking IPs, attack logs, etc.) from automatically finding those vulnerabilities. Thus, developers get buffer time to fix vulnerabilities and bugs in their software. Web application firewalls are typically configured according to three basic security models.
Software protection is an important additional layer of security because it can protect against software-level security threats that are not covered by a standard attack detection system. A WAF provides security for a protected web server. It doesn't hurt to look at HTTP, HTTPS address packets (deep packet inspection) and web streams. When any security threat is detected according to the configuration file or intrusion detection system, the WAF blocks the attack by HTTP address, user stage or IP address. Logging is an important part of any web application. Sometimes it is very important to keep a log of events (login log) because they help to detect some bugs or actions of some malicious user at a later time. In most software today, daily analysis is not performed intelligently, data is simply entered into logs and then processed manually. But if our software gets a lot of requests and getting bits of useful information from those requests, it's a waste of time. Many new attacks can be discovered and therefore the backend server must provide better security. A network intrusion detection system (IDS) tries to detect such attacks by analyzing data and trying to find suspicious patterns. Generally, the algorithms used in IDS use different techniques to detect attacks. For example, signature-based methods use hard-coded algorithms provided by some experts to detect specific attacks. Data retrieval methods also use specific data. However, these algorithms fail to detect new attacks that are not yet known. To counter this, a new algorithm must be provided or the system must be retrained on the new database. One of the modern methods is based on the concept of anomaly detection using clusters.
A WAF sits securely between the Internet and the web server. The user-to-backend server address is detailed in the WAF. Safe addresses are then sent to the server, while malicious ones are left there. WAF is very versatile, regardless of the back-end server, which can be a WAF database or a workstation.
REFERENCES:
Номер журнала Вестник науки №4 (61) том 3
Ссылка для цитирования:
Kurambaev Y.B. CYBER SECURITY FEATURES OF FIREWALLS FOR WEB APPS // Вестник науки №4 (61) том 3. С. 182 - 185. 2023 г. ISSN 2712-8849 // Электронный ресурс: https://www.вестник-науки.рф/article/7784 (дата обращения: 25.04.2024 г.)
Вестник науки СМИ ЭЛ № ФС 77 - 84401 © 2023. 16+