SecRASP: Next generation web application security protection methodology and framework

Abstract

Currently, Web applications are encountering unprecedented security threats from various types of attacks, such as SQL injection, XSS cross-site scripting attacks, Webshell attacks, and increasingly prominent 0-day security vulnerabilities and other serious threats, the security of Web applications is directly related to the normal order of society and national security and other important aspects. However, the current Web application security protection methods and tools are easy to bypassed by security attacks, have high false positives, and are cumbersome to configure, are unable to protect efficiently against the growing application demands and the increasingly complicated malicious attacks. In this regard, the SecRASP high-performance application security protection method and framework based on RASP are proposed to solve the current Web application security protection problems such as low accuracy, inability to quickly block 0-day security holes, and serious impact on the performance of Web applications and other "choke points". Experimental results show that in terms of security attack protection accuracy, SecRASP's security protection accuracy reaches 100 %, while Baidu OpenRASP's security protection accuracy is only 77.60 %; in terms of the impact on the performance of the protected application, SecRASP's impact on the performance of the application is minimal, compared to the OpenRASP in the CPU utilization rate, memory utilization rate, the performance of the protected application is reduced by 5.2 %.