Treffer: РОЗРОБКА ТЕСТОВОГО СЕРЕДОВИЩА ДЛЯ ПЕРЕВІРКИ ЕФЕКТИВНОСТІ ВПРОВАДЖЕНИХ ЗАХОДІВ БЕЗПЕКИ НА РІВНІ ДОДАТКІВ.

The article addresses the problem of ensuring cybersecurity of corporate information and communication systems at the application level, which remains the main vector of modern cyberattacks. The limitations of traditional tools such as firewalls and antivirus software in countering vulnerabilities of web applications, APIs, and microservice architectures are emphasized. To overcome these challenges, the authors propose the development of a test environment enabling comprehensive assessment of implemented security measures, including access control, encryption, user activity monitoring, vulnerability detection and prevention, and real-time incident response. The proposed virtualized environment, built on VMware Workstation Pro and Oracle VirtualBox, is divided into three logical zones (DMZ, internal network, and instrumental zone) and integrates tools such as Burp Suite, OWASP ZAP, sqlmap, Splunk, Wazuh, and Metasploit. It allows the simulation of typical attack scenarios (SQL injection, XSS, CSRF, brute force, network scanning) to evaluate detection accuracy, false-positive rates, performance, and integration of different security components. The environment is aligned with international standards ISO/IEC 27001 and NIST SP 800-53, while its flexibility, scalability, and reproducibility make it suitable for both research and educational purposes. Results confirm the relevance of integrating the DevSecOps approach with SIEM, XDR, and SOAR technologies to strengthen application-level protection. The proposed solution provides a reliable foundation for evaluating and improving cybersecurity measures in real corporate environments. [ABSTRACT FROM AUTHOR]

Copyright of Cybersecurity: Education, Science, Technique / Kiberbezpeka: Osvita, Nauka, Tekhnika is the property of Cybersecurity: Education, Science, Technique / Kiberbezpeka: Osvita, Nauka, Tekhnika and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)