Treffer: ЕКСПЕРИМЕНТИ ТА ПРАКТИЧНІ РІШЕННЯ ПОБУДОВИ ТЕСТОВОГО СЕРЕДОВИЩА ДЛЯ ПЕРЕВІРКИ РІВНЯ БЕЗПЕКИ НА РІВНІ ДОДАТКІВ

The article examines experimental approaches and practical solutions for building a test environment to assess application-level security. The aim of the research is to create an isolated laboratory infrastructure that simulates a corporate network structure with a DMZ zone, an internal segment, and an attack environment to objectively evaluate the effectiveness of modern security tools. The test environment was implemented using VMware Workstation Pro virtualization and integrated tools such as Burp Suite Pro, AppScan, ZAP Proxy, Acunetix, Splunk, Wazuh, and LogRhythm. A series of experiments were conducted, including simulations of typical applicationlayer attacks (SQL injection, XSS, CSRF, brute force, and network scanning), along with event log collection and analysis. The experimental results demonstrated that Burp Suite Pro and Splunk provide the highest overall efficiency, while Wazuh and ZAP Proxy offer acceptable quality with minimal resource consumption. It was found that combining scanning, monitoring, and response tools within a multi-layer security model significantly increases system resilience against attacks. Based on the obtained data, practical recommendations were developed for implementing combined application-level protection strategies based on Zero Trust Architecture and DevSecOps principles. The proposed model maintains an optimal balance between security and performance and can be used for building effective monitoring systems, vulnerability testing, and cybersecurity training. The developed environment can also be adapted for testing new protection tools and modeling complex attack scenarios. Future research will focus on improving automated analysis of testing results and expanding the environment's functionality. [ABSTRACT FROM AUTHOR]

Copyright of Cybersecurity: Education, Science, Technique / Kiberbezpeka: Osvita, Nauka, Tekhnika is the property of Cybersecurity: Education, Science, Technique / Kiberbezpeka: Osvita, Nauka, Tekhnika and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)