DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

Q3 Engineering
R. Khamdamov, K. Kerimov
DOI: https://doi.org/10.34229/0572-2691-2021-1-7
Publication date: 2021-01-01
Publication type: Journal Article
Citations: 0

Abstract

Web applications are increasingly used for activities such as reading news, paying bills, and shopping online. As these services grow, so do the number and extent of attacks on them, such as theft of personal information and bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. The data for a client request is usually retrieved by a set of queries issued on behalf of the application user. If the data entered by the user is not checked very carefully, the result is a whole host of attack types that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, and only a few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the performance overhead is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that SQL requests received from the client are sent first to the developed firewall rather than to the database server itself. The firewall analyzes each request: requests that are considered strange are blocked by the firewall, and an empty result is returned to the client.
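An added example, not code from the paper, of the proxy arrangement the abstract describes: SQL reaches the firewall first, is analyzed, and an unfamiliar statement gets an empty result without touching the database. The abstract does not say how the paper detects anomalies, so the query-skeleton allowlist, the `learn`/`enforce` mode names and the `QueryFirewall` class are assumptions; the table and queries are constructed.

```python
import re
import sqlite3

class QueryFirewall:
    """Proxy between the application and the database (hypothetical class)."""
    def __init__(self, backend, mode="learn"):
        self.backend = backend   # callable that runs SQL on the real database
        self.mode = mode         # "learn" or "enforce" (assumed mode names)
        self.known = set()       # skeletons recorded while learning
        self.blocked = []        # audit trail of rejected statements

    @staticmethod
    def skeleton(sql):
        """Reduce a statement to its structure by masking literal values."""
        s = re.sub(r"'(?:[^']|'')*'", "?", sql)    # quoted strings, '' escapes
        s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # numeric literals
        s = re.sub(r"\s+", " ", s).strip(" ;")     # whitespace, trailing ';'
        return s.lower()

    def execute(self, sql):
        shape = self.skeleton(sql)
        if self.mode == "learn":
            self.known.add(shape)    # trusted traffic defines normal shapes
            return self.backend(sql)
        if shape not in self.known:
            self.blocked.append(sql) # keep evidence for the operator
            return []                # empty result; the database never sees it
        return self.backend(sql)

def demo():
    # Constructed sample database and traffic.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    fw = QueryFirewall(lambda q: db.execute(q).fetchall())
    fw.execute("SELECT name FROM users WHERE id = 1")     # learning phase
    fw.mode = "enforce"
    ok = fw.execute("SELECT name FROM users WHERE id = 2")          # same shape
    bad = fw.execute("SELECT name FROM users WHERE id = 2 OR 1=1")  # new shape
    return ok, bad, fw.blocked

if __name__ == "__main__":
    print(demo())
```

Because literals are masked before comparison, a changed parameter value passes while any change to the statement's structure is rejected, which is how a shape-based check can stop inputs it has never seen before.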
Source journal
Journal of Automation and Information Sciences
Category: AUTOMATION & CONTROL SYSTEMS
Self-citation rate: 0.00%
Articles published: 0
Review time: 6-12 weeks
Journal description: This journal contains translations of papers from the Russian-language bimonthly "Mezhdunarodnyi nauchno-tekhnicheskiy zhurnal 'Problemy upravleniya i informatiki'". Subjects covered include information sciences such as pattern recognition, forecasting, identification and evaluation of complex systems, information security, fault diagnosis and reliability. In addition, the journal also deals with such automation subjects as adaptive, stochastic and optimal control, control and identification under uncertainty, robotics, and applications of user-friendly computers in management of economic, industrial, biological, and medical systems. The Journal of Automation and Information Sciences will appeal to professionals in control systems, communications, computers, engineering in biology and medicine, instrumentation and measurement, and those interested in the social implications of technology.