The thesis gives a general description of the architecture of web applications, including their benefits, why attacking them is worthwhile, and what causes their security problems. In the first, theoretical part, it summarizes the general ideas behind and the basic techniques of the most common and widely exploited vulnerabilities. It also presents recommendations for avoiding these flaws.
The next part of the work presents the available security techniques and methods. It looks at the Open Web Application Security Project (OWASP), the community's informational websites, standards and auditing, as well as the different solutions that use active protection mechanisms.
Following this, the thesis describes an experimental study that examines different techniques in practice. The examination is based on presenting the features of two Web Application Firewall products: Juniper's WebApp Secure and ServerDefender VP. Both products are based on the same ideas, but they use different approaches to reach their goal.
The method of the study was to run different tests against these products, so that it can be decided how well they work in real-life situations against different types of attacks. To run these tests, three online code-auditing tools and one tool capable of executing DoS attacks were chosen. Using these tools, the defenses of a self-developed and a community-built web application were tested. To run the tests successfully, a physical test system was built in one of the university department's computer labs.
At the end of the thesis the results are evaluated, and possible alternatives and the next steps for this experiment are presented.