The Design And Implementation Of Web Application System And Security Functional Architecture

Technology of Web application system has been continuously developed and widely applied in all folks of life. With the network security problem becoming increasingly serious, construction institutions of information system are concerned more about the security construction of information system, including the establishment of network firewall, intrusion prevention system, intrusion detection system, security operation and maintenance system and so forth. Thus, however, more attention has been paid on hardware but less on software. In other words, the construction institutions pay only attention to the security devices’ purchase and arrangement, but ignore the design and achievement of the Web applications’ security function, resulting in many security incidents for the lack of the security protection mechanism.On the basis of GB/T 22239-2008 ‘Information Security Technology-Baseline for Classified Protection of Information System ‘, the paper attempts to analyze of the formation of the security functional requirements of Web application system, combined with the information security technology and software development technology design and implementation, the architecture based on user behavior data, and all aspects of security of Web application system software its security. As for the architecture design, it fully considers the internal and external security problems of information security. Thus, based on the dual authentication mechanism, it would prevent malicious attacks from external network; relied on the access control mechanism, we could effectively avoid the security risks caused by the abuse of authority; on the basis of data integrity protection, the guarantee mechanism of security audit data would be formed. As for implementation, the framework integrates the safety technology components, including complete identity authentication, access control and security audit, and also provides complete data protection interface, allowing users to directly call the security components and interface. Thus, the integration of security protection mechanism could be realized. As for the technology selection, the mainstream platform-.Net becomes the best choice. And the data storage is relied on the SQL database, with the standardized code rule in order to improve the utility and usability of the mechanism.Through critical security components, the architecture would achieve security protection mechanism and provide open access interfaces, which help the system design and development personnel know more about security protection technology, laying the technological foundation for building safer Web application systems. In the meantime, it also plays a significant role in popularizing the technology and knowledge of information system security protection. Thus, the Web application system could be increasingly safe in the future.