Abstract

Open source web applications offer webmasters and owners like you free solutions for building personal, business, official and social network websites. On the other hand, open source web applications give attackers a complete map of their structure, design and functionality. In fact, using open source web applications is a double-edged sword in that it gives both attackers and defenders more control over the security of the application. Well-known attacks aim to access resources that are not referenced by the web application, leading to information disclosure. Inspired by the idea of a sniper lurking in the shadows of civilization as a secret guard, this paper proposes a framework, named Sniper, to improve the security of open source web applications. Mimicking a real sniper who hides in the bushes to watch and eliminate dangerous enemies, the proposed Sniper framework is hidden within the web application to capture potential attackers. To illustrate further, if an attacker approaches your website seeking sensitive data, Sniper will be there watching to detect the intrusion, notify the webmaster anonymously, and block the attacker based on predefined thresholds. Therefore, Sniper identifies and mitigates attack attempts ahead of time by monitoring suspicious traffic intended to reach forbidden or sensitive areas. Sniper was implemented and tested using three different open source web applications. As a webmaster, I cannot imagine a better lights-out monitoring solution that not only notifies me, but also blocks potentially malicious access.
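The detect, notify and block cycle described in the abstract can be sketched as a replay over a web server access log. This is an added example, not the paper's Sniper code: the trap paths, both thresholds, the function names and the Common Log Format input are assumptions, and Sniper itself runs inside the application rather than over logs.

```python
import re
from collections import defaultdict

# Hypothetical trap paths: resources present in a stock install but never
# linked from the site's own pages (assumption, not taken from the paper).
TRAP_PATHS = ("/config.php.bak", "/install/", "/admin/backup.sql", "/.git/")
NOTIFY_AT = 1   # assumed threshold: notify the webmaster on the first trap hit
BLOCK_AT = 3    # assumed threshold: block the client after three trap hits

# Common Log Format: client IP, identity, user, timestamp, request, status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_trap(path):
    """True when the request path (query string stripped) targets a trap."""
    path = path.split("?", 1)[0]
    return any(path == t or (t.endswith("/") and path.startswith(t))
               for t in TRAP_PATHS)

def monitor(lines, notify_at=NOTIFY_AT, block_at=BLOCK_AT):
    """Replay log lines; return (notifications, blocked, denied_requests)."""
    hits = defaultdict(int)
    notifications, blocked, denied = [], set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, _method, path, _status = m.groups()
        if ip in blocked:
            denied.append((ip, path))  # once blocked, every request is refused
            continue
        if not is_trap(path):
            continue
        hits[ip] += 1
        if hits[ip] == notify_at:
            notifications.append((ip, path))  # one alert per client
        if hits[ip] >= block_at:
            blocked.add(ip)
    return notifications, blocked, denied

# Constructed sample log using documentation-range IP addresses.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:01 +0000] "GET /install/ HTTP/1.1" 403 199',
    '198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /config.php.bak HTTP/1.1" 404 196',
    '198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "GET /.git/config?x=1 HTTP/1.1" 404 196',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120',
]
if __name__ == "__main__":
    print(monitor(SAMPLE_LOG))
```

Counting hits per client rather than blocking on the first one keeps a single mistyped URL from locking out a legitimate visitor, which is the role the predefined thresholds play.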
