Prokhorenko, V.Choo, K.Ashman, H.2018-05-272018-05-272016IEEE Transactions on Information Forensics and Security, 2016; 11(10):2215-22261556-60131556-6021http://hdl.handle.net/2440/112354Protecting Web applications is increasingly important due to their high popularity and wide adoption. Therefore, a multitude of protection techniques emerged in effort to secure Web applications, specifically considering valuable and private data commonly processed by such applications. Based on an overview of currently existing protection techniques, a generic and extensible PHP-oriented protection framework is proposed. The concept of application developer intent is introduced and compared with other concepts such as enforced security policies commonly used in existing protection approaches. The proposed framework is mainly focused on application developer intention understanding. Supervising the application execution in real-time makes it possible to detect deviations from the intended behavior and prevent potentially malicious activity. The additional aspects of application behavior, such as database-related communications or generated Web page structure, can be analyzed due to the extensible architecture of the framework.en© 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.PHP; intent-based; real-time supervision; web application securityJournal article003008678410.1109/TIFS.2016.25690630003821678000062-s2.0-84979928325356672