
Performance Analysis of Internal vs. External Security Mechanism in Web Applications


Affiliations
1 Dept. of Computer Sc. & IT, University of Jammu, Jammu-180006, India
 

Most applications today are web based, and those open to public access are highly exposed to security threats. The increasing number of web-based attacks, which result in loss of data and unauthorized access to applications, has drawn the attention of organizations toward web application security. The most commonly employed defense mechanism is to rely on security service tools such as firewalls and intrusion detection and prevention systems. Most of the commonly used tools, such as SNORT, are based on payload inspection, which detects an attack by searching for occurrences of known signature patterns in the packet. But using these devices to protect web applications against common input-based attacks is an inefficient process: scanning each packet against a list of rules consumes a significant amount of time, memory and CPU cycles. Implementing security features within the application's logic is an effective alternative. In this paper we used a web application testing tool (WAPT 3.0) to analyze the performance of two experimental web applications, one with security implemented within the code and the other checked by an external security system, SNORT. In our experiment, the application with secure code showed better performance statistics in terms of response time. The paper also discusses various issues regarding the use of security devices as protection against application-layer attacks.

Keywords

Web applications, Security, Intrusion Detection and Prevention, Snort.

Authors

Supriya Gupta
Dept. of Computer Sc. & IT, University of Jammu, Jammu-180006, India
Lalitsen Sharma
Dept. of Computer Sc. & IT, University of Jammu, Jammu-180006, India
