SecRASP: Next generation web application security protection methodology and framework

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-03-15 DOI:10.1016/j.cose.2025.104445

Chenggang He , Chris H.Q. Ding

{"title":"SecRASP: Next generation web application security protection methodology and framework","authors":"Chenggang He , Chris H.Q. Ding","doi":"10.1016/j.cose.2025.104445","DOIUrl":null,"url":null,"abstract":"<div><div>Currently, Web applications are encountering unprecedented security threats from various types of attacks, such as SQL injection, XSS cross-site scripting attacks, Webshell attacks, and increasingly prominent 0-day security vulnerabilities and other serious threats, the security of Web applications is directly related to the normal order of society and national security and other important aspects. However, the current Web application security protection methods and tools are easy to bypassed by security attacks, have high false positives, and are cumbersome to configure, are unable to protect efficiently against the growing application demands and the increasingly complicated malicious attacks. In this regard, the SecRASP high-performance application security protection method and framework based on RASP are proposed to solve the current Web application security protection problems such as low accuracy, inability to quickly block 0-day security holes, and serious impact on the performance of Web applications and other \"choke points\". Experimental results show that in terms of security attack protection accuracy, SecRASP's security protection accuracy reaches 100 %, while Baidu OpenRASP's security protection accuracy is only 77.60 %; in terms of the impact on the performance of the protected application, SecRASP's impact on the performance of the application is minimal, compared to the OpenRASP in the CPU utilization rate, memory utilization rate, the performance of the protected application is reduced by 5.2 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104445"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001348","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Currently, Web applications are encountering unprecedented security threats from various types of attacks, such as SQL injection, XSS cross-site scripting attacks, Webshell attacks, and increasingly prominent 0-day security vulnerabilities and other serious threats, the security of Web applications is directly related to the normal order of society and national security and other important aspects. However, the current Web application security protection methods and tools are easy to bypassed by security attacks, have high false positives, and are cumbersome to configure, are unable to protect efficiently against the growing application demands and the increasingly complicated malicious attacks. In this regard, the SecRASP high-performance application security protection method and framework based on RASP are proposed to solve the current Web application security protection problems such as low accuracy, inability to quickly block 0-day security holes, and serious impact on the performance of Web applications and other "choke points". Experimental results show that in terms of security attack protection accuracy, SecRASP's security protection accuracy reaches 100 %, while Baidu OpenRASP's security protection accuracy is only 77.60 %; in terms of the impact on the performance of the protected application, SecRASP's impact on the performance of the application is minimal, compared to the OpenRASP in the CPU utilization rate, memory utilization rate, the performance of the protected application is reduced by 5.2 %.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

求助全文

约1分钟内获得全文去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.

期刊最新文献

Penterep: Comprehensive penetration testing with adaptable interactive checklists SecRASP: Next generation web application security protection methodology and framework Editorial Board Surf-Snooping: USB crosstalk leakage attacks on wireless charging LowPTor: A lightweight method for detecting extremely low-proportion darknet traffic