The Role And Function Of Information Security Audit In The Enterprise Web Applications To Achieve

Posted on: 2010-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: B Wu
Full Text: PDF
GTID: 2208360275991284
Subject: Project management
Abstract/Summary:
With the development of computer science and technology, the computer network has become an indispensable tool in daily work. Enterprises are also making great progress with their Web applications, both the traditional businesses and the rising .com ones. The whole IT structure tends toward running on Web applications, no matter how old the systems are, banking systems included. In short, Web applications have become part of our lives.

However, Web applications and Web sites face many kinds of threats from uncertain sources. Some of the threats are visible; others stem from the Web site's design, its coding, or the attackers' practice. We must face and deal with these issues. Traditional technical measures such as firewalls or intrusion protection systems can only protect the network and analyse protocols and data packets. It is hard to summarize patterns for either dynamic Web pages or attack methods. Moreover, security systems that depend on a signature database or repository cannot avoid misreporting or failing to report. There should therefore be security systems that focus on the characteristics of the Web application and on users' behaviour; this is the background of the topic.

After analyzing users' behaviour and the HTTP protocol, we propose an original information security audit system that establishes a Web profile by summarizing and analyzing users' actions, and audits and protects the Web application by means of this profile.

The audit system focuses on a key factor: because a Web application is composed of many elements, Web profiling should be automatic and dynamic. With so many elements, manual maintenance is error-prone and produces too much misinformation, so profiling must rely on the system's own automation. This requires that the audit system automatically combine all of the key elements as they are found. The result shows the Web profile, and by reviewing this profile users can judge whether the Web design meets the security target.

To achieve the profiling, the system should intercept and capture data at the network layer, separate out the HTTP/HTTPS data and restore it. The restored data provides the basic information for the Web profile. The audit system then selects what it needs: URLs, cookies, parameters, sessions, HTTP methods and users, and from these a Web profile is built. The audit system compares the Web data stream with the established Web profile and judges what is acceptable and what is doubtful.

In addition to Web profiling, the audit system can capture and respond to data streams and generate alerts. It uses libcap for data capture, and SNMP trap and Syslog interfaces to send alerts.

At the end of this dissertation, an original information security audit system is built and deployed in a Web application testing environment. The test results show that the system has visible advantages in Web application protection.
Keywords/Search Tags:Information Security Audit, Web Application, Profile
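
The profile-then-compare idea in the abstract can be sketched as follows. This is an added example, not code from the thesis: the class and function names, the coarse value classes and the sample requests are all assumptions, and it starts from already-restored HTTP requests rather than captured packets.

```python
from urllib.parse import urlsplit, parse_qsl

def value_kind(value):
    """Coarse class of a parameter value, so unseen but similar values pass."""
    return "digits" if value.isdigit() else "alnum" if value.isalnum() else "other"

class WebProfile:
    """Methods, parameters and cookies observed per URL path while learning."""
    def __init__(self):
        self.paths = {}

    def learn(self, method, url, cookies=()):
        parts = urlsplit(url)
        entry = self.paths.setdefault(
            parts.path, {"methods": set(), "params": {}, "cookies": set()})
        entry["methods"].add(method)
        entry["cookies"].update(cookies)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            entry["params"].setdefault(name, set()).add(value_kind(value))

    def audit(self, method, url, cookies=()):
        """Return deviations from the profile; an empty list means acceptable."""
        parts = urlsplit(url)
        entry = self.paths.get(parts.path)
        if entry is None:
            return [f"unknown URL {parts.path}"]
        findings = []
        if method not in entry["methods"]:
            findings.append(f"unexpected method {method}")
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            kinds = entry["params"].get(name)
            if kinds is None:
                findings.append(f"unknown parameter {name}")
            elif value_kind(value) not in kinds:
                findings.append(f"parameter {name}: unusual value kind {value_kind(value)}")
        findings += [f"unknown cookie {c}" for c in cookies if c not in entry["cookies"]]
        return findings

# Constructed learning traffic: (method, URL, cookie names).
TRAINING = [
    ("GET", "/login", []),
    ("POST", "/login", ["SESSIONID"]),
    ("GET", "/account?id=1001", ["SESSIONID"]),
    ("GET", "/account?id=2044", ["SESSIONID"]),
]

def build_profile(requests):
    profile = WebProfile()
    for method, url, cookies in requests:
        profile.learn(method, url, cookies)
    return profile
```

Each non-empty result from `audit` is what such a system would treat as doubtful and forward as an alert.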