Доступ предоставлен для: Guest
Портал Begell Электронная Бибилиотека e-Книги Журналы Справочники и Сборники статей Коллекции
Journal of Automation and Information Sciences
SJR: 0.275 SNIP: 0.59 CiteScore™: 0.8

ISSN Печать: 1064-2315
ISSN Онлайн: 2163-9337

Том 52, 2020 Том 51, 2019 Том 50, 2018 Том 49, 2017 Том 48, 2016 Том 47, 2015 Том 46, 2014 Том 45, 2013 Том 44, 2012 Том 43, 2011 Том 42, 2010 Том 41, 2009 Том 40, 2008 Том 39, 2007 Том 38, 2006 Том 37, 2005 Том 36, 2004 Том 35, 2003 Том 34, 2002 Том 33, 2001 Том 32, 2000 Том 31, 1999 Том 30, 1998 Том 29, 1997 Том 28, 1996

Journal of Automation and Information Sciences

DOI: 10.1615/JAutomatInfScien.v51.i6.60
pages 61-65

Method of Developing a Web-Application Firewall

Rustam Kh. Khamdamov
Scientific Innovation Center of Information and Communication Technologies of Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)
Jalol Oybek ugli Ibrahimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Uzbekistan

Краткое описание

The development of web-resources indicates that there are no uniform standards for the development of secure web-applications, which may lead to bugs and vulnerabilities in web-applications. A vulnerable web-application can be easily hacked without using specialized tools, only using a browser. In the world there is a huge number of web-applications running PHP. Information security threats are so diverse that traditional remedies are not always effective. Based on a comprehensive analysis of security threats for web-applications, a PHP-based web-application firewall has been proposed. The developed web-application firewall consists of four subsystems: a threat detection subsystem, an audit subsystem, a configuration subsystem, and an interactive subsystem. Each subsystem performs certain functions to protect the web-application from information security threats. The proposed solution works as a proxy server and checks all incoming traffic to the web-application, which allows one to control fully all incoming requests. If destructive requests are detected, they are blocked, and the administrator is notified of the current attack on the web-application. Test results show that the firewall can effectively block various malicious attacks at the application level, such as SQL injection, remote code execution (RCE), cross-site scripting (CSS), cross-site request forgery (CSRF); remote file inclusion (RFI); local file inclusion (LFI); Auth Bypass−bypass authorization, Brute Force−selection of passwords, etc., as well as comprehensively protect web-applications.


  1. Pazizin S.V., Fundamentals of information security in computer systems [in Russian], TVP-OpiPM, Moscow, 2003. .

  2. Petrenko S.A., Petrenko A.A., Intranet security audit, DMK Press, Moscow, 2002. .

  3. Rzhavskiy K.V., Information security: practical protection of information technologies and telecommunication systems: Tutorial [in Russian], VolGU, Volgograd, 2002. .

  4. SemkinS.N., Belyakov E.V., Grebenev S.V., etal., Fundamentals of organizational support of information security of informatization objects, [in Russian], Gelios ARV, Moscow, 2005. .

  5. KhorevP.B., Methods and means of information protection in computer systems [in Russian], Gelios, Moscow, 2006. .

  6. Kondrashova N.V., Matching of external criterion and method of sample partitioning for solving problem of structural-parametric identification by group method of data handling, Mezhdunarodnyi nauchno-tekhnicheskiy zhurnal "Problemy upravleniya i informatiki", 2015, No. 5, 20-33. .

  7. Opanasenko V.N., Kryvyi S.L., Synthesis of adaptive logical networks on the basis of Zhegalkin polynomials, Cybernetics and Systems Analysis, 2015, 51, No. 6, 969-977, DOI: 10.1007/s10559-015-9790-1. .

Articles with similar content:

Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture
Journal of Automation and Information Sciences, Vol.51, 2019, issue 12
Rustam Kh. Khamdamov , Komil F. Kerimov
Detection and Avoidance of Input Validation Attacks in Web Application Using Deterministic Push Down Automata
Journal of Automation and Information Sciences, Vol.51, 2019, issue 9
S. Senthilkumar, V. Nithya
International Journal on Innovations in Online Education, Vol.4, 2020, issue 2
Donald Z. Spicer
On One Model of Access Differentiation to Resources of Information System "Population and Migration" by using Petri Nets
Journal of Automation and Information Sciences, Vol.40, 2008, issue 9
Fargana Abdullayeva
Telecommunications and Radio Engineering, Vol.72, 2013, issue 13
A. M. Sukhov, A. A. Galtsev