Summary: The subject matter of the paper is the process of ensuring the protection of Web applications against attacks aimed at obtaining unauthorized access to the functions of the content management system administrator. The goal is to create a method for selecting measures that protect the Web application against such attacks. The tasks are: to determine a list of common Web application security measures, and to develop a method for selecting the most efficient protective measures within a limited budget. The methods used are attack tree analysis, the expert assessment method, and methods for solving nonlinear integer programming problems with Boolean variables. The following results were obtained. A method for selecting Web application security measures based on an estimate of the success rate of an attack on the Web application has been developed. Inasmuch as all protective measures differ in cost, effectiveness, and influence on the various attack vectors, the choice must yield an optimal set of countermeasures that provides the maximal reduction of the attack success rate. Consequently, not only a change in the parameters of the countermeasures but also a change in the parameters of the attack tree can change the selected set of countermeasures. The problem of selecting protection measures is a nonlinear integer programming problem with Boolean variables. Conclusions. The scientific novelty of the results is as follows: the method of selecting countermeasures by solving an optimization problem, which allows the most effective countermeasures to be selected within a limited budget, has been improved. Minimization of the attack success rate is used as the target function, and the budget for services is specified as the constraint. However, it is also possible to use minimization of the budget as the target function, with the maximum allowable value of the attack success rate used as the constraint.
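The selection problem sketched in the summary, carried through on a small constructed instance. This is an added example, not code or data from the paper: the attack tree, the leaf probabilities, the countermeasure costs and effectiveness values are all illustrative assumptions, and the way effectiveness is applied (each selected measure scales a leaf's success probability by 1 - e, with stacked measures compounding) is one plausible model of "influence on attack vectors", not the paper's formula. Both forms of the optimization are shown: minimal attack success rate under a budget, and minimal budget under a cap on the success rate. The Boolean decision vector is enumerated exhaustively, which is exact for the handful of measures a small team would rank.

```python
"""Countermeasure selection over an attack tree as a Boolean integer program.

Assumptions of this example (not the paper's exact model):
- Each leaf carries an estimated success probability p.
- AND gate: success = product of children; OR gate: 1 - prod(1 - children).
- A countermeasure with effectiveness e on a leaf scales that leaf's p by
  (1 - e); several measures on one leaf compound multiplicatively, which is
  what makes the objective nonlinear in the 0/1 decision variables x_i.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Optional, Tuple, Union


@dataclass
class Leaf:
    """Elementary attack step with its estimated success probability."""
    name: str
    p: float


@dataclass
class Gate:
    """Intermediate node: 'AND' needs every child, 'OR' needs any child."""
    op: str
    children: List["Node"]


Node = Union[Leaf, Gate]


@dataclass
class Countermeasure:
    """Cost plus, per influenced leaf, the fraction by which it cuts that leaf."""
    name: str
    cost: float
    effects: Dict[str, float]


def collect_leaves(node: Node) -> List[Leaf]:
    if isinstance(node, Leaf):
        return [node]
    leaves: List[Leaf] = []
    for child in node.children:
        leaves.extend(collect_leaves(child))
    return leaves


def residual_probabilities(tree: Node, measures: List[Countermeasure],
                           selected: Tuple[int, ...]) -> Dict[str, float]:
    """Leaf probabilities after applying every measure whose x_i == 1."""
    probs = {leaf.name: leaf.p for leaf in collect_leaves(tree)}
    for measure, on in zip(measures, selected):
        if on:
            for leaf_name, effectiveness in measure.effects.items():
                probs[leaf_name] *= (1.0 - effectiveness)
    return probs


def success_rate(node: Node, probs: Dict[str, float]) -> float:
    """Propagate leaf probabilities up to the root of the attack tree."""
    if isinstance(node, Leaf):
        return probs[node.name]
    values = [success_rate(child, probs) for child in node.children]
    if node.op == "AND":
        result = 1.0
        for v in values:
            result *= v
        return result
    if node.op == "OR":
        none_succeed = 1.0
        for v in values:
            none_succeed *= (1.0 - v)
        return 1.0 - none_succeed
    raise ValueError(f"unknown gate {node.op!r}")


def _evaluate(tree, measures, x):
    cost = sum(m.cost for m, on in zip(measures, x) if on)
    rate = success_rate(tree, residual_probabilities(tree, measures, x))
    return rate, cost


def select_min_risk(tree: Node, measures: List[Countermeasure], budget: float):
    """Primary form: minimise root success rate subject to total cost <= budget."""
    best = None
    for x in product((0, 1), repeat=len(measures)):
        rate, cost = _evaluate(tree, measures, x)
        if cost > budget:
            continue
        if best is None or (rate, cost) < best[:2]:
            best = (rate, cost, x)
    rate, cost, x = best
    return [m.name for m, on in zip(measures, x) if on], rate, cost


def select_min_budget(tree: Node, measures: List[Countermeasure], max_rate: float):
    """Dual form: minimise total cost subject to root success rate <= max_rate.
    Returns None when no combination of measures reaches the target."""
    best = None
    for x in product((0, 1), repeat=len(measures)):
        rate, cost = _evaluate(tree, measures, x)
        if rate > max_rate:
            continue
        if best is None or (cost, rate) < best[:2]:
            best = (cost, rate, x)
    if best is None:
        return None
    cost, rate, x = best
    return [m.name for m, on in zip(measures, x) if on], rate, cost


# Constructed sample tree: reaching CMS administrator functions by one of
# three vectors. Probabilities are illustrative, not measured values.
ADMIN_TAKEOVER = Gate("OR", [
    Gate("AND", [Leaf("login form reachable", 0.9),
                 Leaf("weak admin password", 0.5)]),
    Leaf("unpatched CMS vulnerability", 0.3),
    Gate("AND", [Leaf("session token over http", 0.2),
                 Leaf("attacker on path", 0.5)]),
])

# Constructed countermeasures with illustrative costs (budget units) and
# effectiveness values, as an expert panel might estimate them.
MEASURES = [
    Countermeasure("MFA for admin login", 3, {"weak admin password": 0.9}),
    Countermeasure("Restrict admin URL to allowlist", 2, {"login form reachable": 0.8}),
    Countermeasure("Patch management process", 2, {"unpatched CMS vulnerability": 0.7}),
    Countermeasure("TLS + Secure cookies", 1, {"session token over http": 0.95}),
]

if __name__ == "__main__":
    print("budget 4  ->", select_min_risk(ADMIN_TAKEOVER, MEASURES, budget=4))
    print("rate <= 0.4 ->", select_min_budget(ADMIN_TAKEOVER, MEASURES, max_rate=0.4))
```

With a budget of 4 the unprotected success rate of about 0.65 drops to about 0.25 by combining the allowlist and patch management, even though MFA is the single strongest measure; it is too expensive to pair with anything else under that budget. Re-running after editing a leaf probability (say, raising the estimate for the unpatched vulnerability) shows the summary's point that a change in the attack tree alone can move the optimal set.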