SecRASP: Next generation web application security protection methodology and framework

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-03-15 DOI:10.1016/j.cose.2025.104445

Chenggang He , Chris H.Q. Ding

{"title":"SecRASP: Next generation web application security protection methodology and framework","authors":"Chenggang He , Chris H.Q. Ding","doi":"10.1016/j.cose.2025.104445","DOIUrl":null,"url":null,"abstract":"<div><div>Currently, Web applications are encountering unprecedented security threats from various types of attacks, such as SQL injection, XSS cross-site scripting attacks, Webshell attacks, and increasingly prominent 0-day security vulnerabilities and other serious threats, the security of Web applications is directly related to the normal order of society and national security and other important aspects. However, the current Web application security protection methods and tools are easy to bypassed by security attacks, have high false positives, and are cumbersome to configure, are unable to protect efficiently against the growing application demands and the increasingly complicated malicious attacks. In this regard, the SecRASP high-performance application security protection method and framework based on RASP are proposed to solve the current Web application security protection problems such as low accuracy, inability to quickly block 0-day security holes, and serious impact on the performance of Web applications and other \"choke points\". Experimental results show that in terms of security attack protection accuracy, SecRASP's security protection accuracy reaches 100 %, while Baidu OpenRASP's security protection accuracy is only 77.60 %; in terms of the impact on the performance of the protected application, SecRASP's impact on the performance of the application is minimal, compared to the OpenRASP in the CPU utilization rate, memory utilization rate, the performance of the protected application is reduced by 5.2 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104445"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001348","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Currently, Web applications are encountering unprecedented security threats from various types of attacks, such as SQL injection, XSS cross-site scripting attacks, Webshell attacks, and increasingly prominent 0-day security vulnerabilities and other serious threats, the security of Web applications is directly related to the normal order of society and national security and other important aspects. However, the current Web application security protection methods and tools are easy to bypassed by security attacks, have high false positives, and are cumbersome to configure, are unable to protect efficiently against the growing application demands and the increasingly complicated malicious attacks. In this regard, the SecRASP high-performance application security protection method and framework based on RASP are proposed to solve the current Web application security protection problems such as low accuracy, inability to quickly block 0-day security holes, and serious impact on the performance of Web applications and other "choke points". Experimental results show that in terms of security attack protection accuracy, SecRASP's security protection accuracy reaches 100 %, while Baidu OpenRASP's security protection accuracy is only 77.60 %; in terms of the impact on the performance of the protected application, SecRASP's impact on the performance of the application is minimal, compared to the OpenRASP in the CPU utilization rate, memory utilization rate, the performance of the protected application is reduced by 5.2 %.

查看原文本刊更多论文

SecRASP：下一代web应用程序安全保护方法和框架

当前，Web应用程序正面临着前所未有的安全威胁，来自各种类型的攻击，如SQL注入、XSS跨站脚本攻击、Webshell攻击以及日益突出的零日安全漏洞等严重威胁，Web应用程序的安全直接关系到社会的正常秩序和国家安全等重要方面。但是，目前的Web应用安全防护方法和工具容易被安全攻击绕过、误报率高、配置繁琐，无法有效防范日益增长的应用需求和日益复杂的恶意攻击。为此，提出基于RASP的SecRASP高性能应用安全防护方法和框架，解决当前Web应用安全防护准确率低、无法快速封堵0天安全漏洞、严重影响Web应用性能等“瓶颈”问题。实验结果表明，在安全攻击防护精度方面，SecRASP的安全防护精度达到100%，而百度OpenRASP的安全防护精度仅为77.60%；在对受保护应用程序性能的影响方面，SecRASP对应用程序性能的影响最小，与OpenRASP相比，在CPU利用率、内存利用率方面，受保护应用程序的性能降低了5.2%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.