Journal of Automation and Information Sciences
SJR: 0.275 SNIP: 0.59 CiteScore™: 0.8

ISSN Print: 1064-2315
ISSN Online: 2163-9337


DOI: 10.1615/JAutomatInfScien.v51.i12.30
pages 18-24

Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture

Rustam Kh. Khamdamov
Scientific Innovation Center of Information and Communication Technologies of Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)

ABSTRACT

Web applications are developed in several languages and deployed on various operating systems, reflecting the range of functions that a web application provides to its users. E-commerce applications must take into account the various interfaces required for interoperability, security, and availability of a web application. Applications are therefore developed in languages such as PHP, ASP, JSP, .NET, Python, etc., depending on the web application's requirements. Applications are constantly checked for vulnerabilities, and when they are vulnerable, they can be attacked. Research data show that about 70% of web applications are vulnerable to XSS attacks. This is because users are allowed to enter data in text fields in web-application forms, which increases the threat to a web application by allowing hackers to embed malicious content in it. This article presents a new solution for blocking Cross-Site Scripting (XSS) attacks that does not depend on the languages in which web applications are developed and that eliminates XSS vulnerabilities arising from other interfaces. The solution aims to provide independent services with specific interfaces that can be invoked to perform their tasks in a standard way, without the service having prior knowledge of the calling application and without the application knowing how the service actually performs its tasks. The solution is based on a service-oriented architecture (SOA) approach. A method has been developed for blocking XSS vulnerabilities based on the ability to protect applications from XSS attacks using XML and XSD. This includes creating an XML document based on all form controls submitted by the user.
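A minimal sketch of the idea the abstract describes, added here as an illustration and not taken from the article or its authors: every submitted form control is placed in one XML document, which a standalone check validates against an XSD before the application uses the values. The form fields (`name`, `comment`, `quantity`), the schema, and the use of the third-party `lxml` library are assumptions.

```python
from lxml import etree  # third-party library, assumed to be installed

# Hypothetical schema for a constructed form; field names are assumptions.
FORM_XSD = b"""<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="SafeText">
    <xs:restriction base="xs:string">
      <xs:pattern value="[A-Za-z0-9 .,!?]{1,200}"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:element name="form">
    <xs:complexType>
      <xs:all>
        <xs:element name="name" type="SafeText"/>
        <xs:element name="comment" type="SafeText"/>
        <xs:element name="quantity" type="xs:positiveInteger"/>
      </xs:all>
    </xs:complexType>
  </xs:element>
</xs:schema>"""

SCHEMA = etree.XMLSchema(etree.fromstring(FORM_XSD))


def form_to_xml(fields):
    """Build one XML document from all submitted form controls."""
    root = etree.Element("form")
    for key, value in fields.items():
        # lxml raises ValueError for invalid element names or control characters.
        etree.SubElement(root, key).text = value
    return root


def check_submission(fields):
    """Return (accepted, reason) for a dict of submitted form values."""
    try:
        doc = form_to_xml(fields)
    except (ValueError, TypeError) as exc:
        return False, f"malformed field: {exc}"
    if SCHEMA.validate(doc):
        return True, "ok"
    # Allow-list violation, missing control, or unexpected control.
    return False, "; ".join(entry.message for entry in SCHEMA.error_log)
```

Because the schema is an allow-list, markup characters, missing controls, and unexpected extra controls are all rejected by the same validation step, independent of the language the calling application is written in.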
