EXPERIMENTS AND PRACTICAL SOLUTIONS FOR BUILDING A TEST ENVIRONMENT TO ASSESS APPLICATION-LEVEL SECURITY
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1014Keywords:
test environment; application security; Burp Suite; Splunk; Wazuh; DevSecOps; Zero Trust; cyber threats.Abstract
The article examines experimental approaches and practical solutions for building a test environment to assess application-level security. The aim of the research is to create an isolated laboratory infrastructure that simulates a corporate network structure with a DMZ zone, an internal segment, and an attack environment to objectively evaluate the effectiveness of modern security tools. The test environment was implemented using VMware Workstation Pro virtualization and integrated tools such as Burp Suite Pro, AppScan, ZAP Proxy, Acunetix, Splunk, Wazuh, and LogRhythm. A series of experiments were conducted, including simulations of typical application-layer attacks (SQL injection, XSS, CSRF, brute force, and network scanning), along with event log collection and analysis. The experimental results demonstrated that Burp Suite Pro and Splunk provide the highest overall efficiency, while Wazuh and ZAP Proxy offer acceptable quality with minimal resource consumption. It was found that combining scanning, monitoring, and response tools within a multi-layer security model significantly increases system resilience against attacks. Based on the obtained data, practical recommendations were developed for implementing combined application-level protection strategies based on Zero Trust Architecture and DevSecOps principles. The proposed model maintains an optimal balance between security and performance and can be used for building effective monitoring systems, vulnerability testing, and cybersecurity training. The developed environment can also be adapted for testing new protection tools and modeling complex attack scenarios. Future research will focus on improving automated analysis of testing results and expanding the environment’s functionality.
Downloads
References
Acunetix. (2025, 05 жовтня). Web Vulnerability Scanner. https://www.acunetix.com/
Cisco. (2025, 05 жовтня). Системи виявлення вторгнень. Режим доступу: https://www.cisco.com/c/en/us/products/security/ids-ips/
IBM Security. (2025, 05 жовтня). IBM AppScan: Application Security Testing. https://www.ibm.com/security/application-security
MITRE Corporation. (2025, 05 жовтня). MITRE ATT&CK Framework. https://attack.mitre.org/
NVD. (2025, 05 жовтня). National Institute of Standards and Technology (NIST). Режим доступу: https://nvd.nist.gov
OWASP Foundation. (2025, 05 жовтня). OWASP Dependency-Check. https://owasp.org/www-project-dependency-check
OWASP. (2025, 05 жовтня). OWASP Top Ten Security Risks. https://owasp.org/www-project-top-ten/
SANS Institute. (2025, 05 жовтня). DevSecOps: Інтеграція безпеки в розробку. https://www.sans.org/cyber-security-courses/devsecops/
SolarWinds. (2025, 05 жовтня). Security Event Manager (SEM). https://www.solarwinds.com/security-event-manager
Splunk. (2025, 05 жовтня). SIEM та XDR для захисту додатків. https://www.splunk.com/en_us/products/enterprise-security.html
Wazuh Inc. (2025, 05 жовтня). Security Information and Event Management (SIEM). https://wazuh.com
Zero Trust Architecture. (2025, 05 жовтня). Національний інститут стандартів і технологій США. https://www.nist.gov/publications/zero-trust-architecture
Kostiuk, Y., Skladannyi, P., Rzaeva , S., Mazur , N., Cherevyk, V., & Anosov, A. (2025). FEATURES OF NETWORK ATTACK IMPLEMENTATION THROUGH TCP/IP PROTOCOLS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(29), 571–597. https://doi.org/10.28925/2663-4023.2025.29.915
Tsekhmeister, R., Platonenko, A., Vorokhob , M., Cherevyk, V., & Semeniaka, S. (2025). RESEARCH OF INFORMATION SECURITY PROVISION METHODS IN A VIRTUAL ENVIRONMENT. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(27), 63–71. https://doi.org/10.28925/2663-4023.2025.27.703
Vorokhob, M., Kyrychok, R., Yaskevych, V., Dobryshyn, Y., & Sydorenko, S. (2023). MODERN PERSPECTIVES OF APPLYING THE CONCEPT OF ZERO TRUST IN BUILDING A CORPORATE INFORMATION SECURITY POLICY. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(21), 223–233. https://doi.org/10.28925/2663-4023.2023.21.223233Kriuchkova, L., Skladannyi, P., & Vorokhob, M. (2023). Pre-project solutions for building an authorization system based on the zero trust concept. Cybersecurity: Education, Science, Technique, 3(19), 226–242. https://doi.org/10.28925/2663-4023.2023.13.226242
Skuratovskyi, Y., Anosov, A., Kozachok, V., & Brzhevska, Z. (2025). DEVELOPMENT OF A TEST ENVIRONMENT FOR EVALUATING THE EFFECTIVENESS OF IMPLEMENTED APPLICATION-LEVEL SECURITY MEASURES. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(30), 89–98. https://doi.org/10.28925/2663-4023.2025.30.954
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Admin Skladannyi
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
