%0 Journal Article %A Khamdamov , Rustam Kh. %A Kerimov , Komil F. %A Ibrahimov , Jalol Oybek ugli %D 2019 %I Begell House %K web-application; security threat; web-application firewall; introduction to PHP %N 6 %P 61-65 %R 10.1615/JAutomatInfScien.v51.i6.60 %T Method of Developing a Web-Application Firewall %U https://www.dl.begellhouse.com/journals/2b6239406278e43e,08495e8b3cc40bc9,3e18d16204967cf5.html %V 51 %X The development of web-resources indicates that there are no uniform standards for the development of secure web-applications, which may lead to bugs and vulnerabilities in web-applications. A vulnerable web-application can be easily hacked without using specialized tools, only using a browser. In the world there is a huge number of web-applications running PHP. Information security threats are so diverse that traditional remedies are not always effective. Based on a comprehensive analysis of security threats for web-applications, a PHP-based web-application firewall has been proposed. The developed web-application firewall consists of four subsystems: a threat detection subsystem, an audit subsystem, a configuration subsystem, and an interactive subsystem. Each subsystem performs certain functions to protect the web-application from information security threats. The proposed solution works as a proxy server and checks all incoming traffic to the web-application, which allows one to control fully all incoming requests. If destructive requests are detected, they are blocked, and the administrator is notified of the current attack on the web-application. Test results show that the firewall can effectively block various malicious attacks at the application level, such as SQL injection, remote code execution (RCE), cross-site scripting (CSS), cross-site request forgery (CSRF); remote file inclusion (RFI); local file inclusion (LFI); Auth Bypass−bypass authorization, Brute Force−selection of passwords, etc., as well as comprehensively protect web-applications. %8 2019-09-02