Security policy Management for Banking Web-Application

This master's thesis considers methods for collecting information about the user of the internet banking application in order to improve effectivity of customer identification. To date, the task of determining the legitimacy of a client's actions, due to a large amount of compromising credentials, is fundamental. This task cannot be solved by implementing standard web applications security systems since they are aimed at repelling direct attacks in which there are attempts to crack or violate the logic of the system. The purpose of the work is to determine the possibility of using predictive data analysis in order to ensure the bank's security policy. To achieve the purpose of the dissertation, the main problems and the place of internet banking in the system of remote banking services are considered. The following main problems are considered: legal regulation in the field of remote banking services, low level of clients' awareness of both opportunities and threats, limited technical capabilities and security of internet transactions. As part of the master's thesis, the issue of ensuring the security of internet transactions is highlighted. We describe existing methods and specialized systems for protecting internet transactions. At the core of such systems, in most cases, modules of collection and behavioral analysis are presented. Existing projects that use these techniques for customer identification are considered. A product has been selected that can be embedded in various antifraud systems and remote manikins systems. The function of the product and the prospects for adding new methods to its work are analyzed. As a result, a module was created to collect information about the movement of a user's computer mouse in a web application. Based on the collected information, a database of training data was created for its further use in predictive models in order to ensure the bank's security policy.