Security system using transaction information collected from web application server or web server

摘要

The present disclosure provides a security system comprising: a WAS plug-in agent installed on a web application server (WAS) or a WEB plug-in agent installed on a web server (WEB), wherein the WAS plug-in agent or WEB plug-in agent is configured to collect transaction information; and a management server configured to: receive the transaction information from the WAS plug-in agent or WEB plug-in agent; determine whether the transaction information is normal or abnormal; generate detection information based on the determination; and upon determination that the transaction information is abnormal, transmit, to the WAS plug-in agent or the WEB plug-in agent, a blocking instruction to block a transaction corresponding to the abnormal transaction information. According to the present disclosure, the analysis of decrypted transaction information may allow detecting SSL/TLS based encrypted attacks and coping with web hacking attacks at session level after normal login.