EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Securing information resources using web application firewalls

Baranov P.A. and Beybutov E.R.
Additional contact information
Baranov P.A.: National Research University Higher School of Economics
Beybutov E.R.: National Research University Higher School of Economics

Бизнес-информатика, 2015, issue 4 (34), 71-78

Abstract: This paper provides an overview of core technologies implemented by comparably new products on the information security market web application firewalls. Web applications are a very widely-used and convenient way of presenting remote users with access to corporate information resources. They can, however, become single point of failure rendering all the information infrastructure inaccessible to legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web servers, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of the ISO/OSI model and serve as a controlling tunnel for all the traffic heading to and from a company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention, web application firewalls are equipped with various mechanisms of data exchange session «normality» control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means, such as denial of service, XSS injection and CRRF attack prevention. The ability to research and add user rules to be processed along with vendor-provided ones is important, since every company has its own security policy and, therefore, the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on broad practical experience of integrating web application firewalls into the security landscape of various organizations, their administration and customization. We illustrate our research into available filtering mechanisms and their implementations with exemplary product features by market leaders.

Keywords: INFORMATION SECURITY; WEB APPLICATION FIREWALL; APPLICATION SERVER PROTECTION; ИНФОРМАЦИОННАЯ БЕЗОПАСНОСТЬ; ВЕБ-ЭКРАН; МЕЖСЕТЕВОЙ ЭКРАН ВЕБ-ПРИЛОЖЕНИЙ; ЗАЩИТА СЕРВЕРА ПРИЛОЖЕНИЙ (search for similar items in EconPapers)
Date: 2015
References: Add references at CitEc
Citations:

Downloads: (external link)
http://cyberleninka.ru/article/n/securing-informat ... pplication-firewalls

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:scn:025686:16374356

Access Statistics for this article

More articles in Бизнес-информатика from CyberLeninka, Федеральное государственное автономное образовательное учреждение высшего образования «Национальный исследовательский университет «Высшая школа экономики»
Bibliographic data for series maintained by CyberLeninka ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:scn:025686:16374356