jShield: An Open Source Solution for Web Application Security

  • Márcio Macêdo UFPE
  • Ricardo Queiroz CEUT
  • Julio Damasceno UFPE

Abstract


The purpose of this article is to describe a solution for web application security based on an application firewall implemented using the reverse proxy model. The application firewall uses both the negative filter model and the positive filter model in order to provide applications with more security while avoiding false positives, which could filter out authentic application packets. In this way, the firewall combines the easy configuration of the negative security model with the better security provided by the positive model.

Keywords: jShield, Open Source, Safety, Web Applications

Published
2010-06-16
MACÊDO, Márcio; QUEIROZ, Ricardo; DAMASCENO, Julio. jShield: An Open Source Solution for Web Application Security. In: BRAZILIAN SYMPOSIUM ON INFORMATION SYSTEMS (SBSI), 6., 2010, Marabá. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2010. p. 226-237. DOI: https://doi.org/10.5753/sbsi.2010.14715.