Journal of Automation and Information Sciences
SJR: 0.275 SNIP: 0.59 CiteScore™: 0.8

ISSN Print: 1064-2315
ISSN Online: 2163-9337

DOI: 10.1615/JAutomatInfScien.v51.i12.30
pages 18-24

Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture

Rustam Kh. Khamdamov
Scientific Innovation Center of Information and Communication Technologies of Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)

ABSTRACT

Web-applications are developed in several languages and deployed on various operating systems, reflecting the variety of functions a web-application provides to its users. E-commerce applications must take into account the various interfaces required for the interoperability, security, and availability of a web-application. Applications are therefore developed using various languages such as PHP, ASP, JSP, .NET, Python, etc., based on the web-application's requirements. Applications are constantly checked for vulnerabilities, and when they are vulnerable, they can be attacked. Research data show that about 70% of web-applications are vulnerable to XSS attacks. This is because users are allowed to enter data in the text fields of web-application forms, which increases the threat to a web-application by allowing hackers to embed malicious content in it. This article presents a new solution for blocking Cross-Site Scripting (XSS) attacks that does not depend on the languages in which web-applications are developed and that eliminates XSS vulnerabilities arising from other interfaces. The solution provides independent services with specific interfaces that can be invoked to perform their tasks in a standard way, without the service having prior knowledge of the calling application and without the application knowing how the service actually performs its tasks. The solution is based on a service-oriented architecture (SOA) approach. A method has been developed for blocking XSS-type vulnerabilities by protecting applications from XSS attacks using XML and XSD. This includes creating an XML document from all form controls submitted by the user.
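The following sketch illustrates the flow the abstract describes (form controls serialized to an XML document, then checked against an XSD). It is an added example, not code from the article: the schema, field names and sample submissions are constructed assumptions, and in place of a full XSD validator it uses a standard-library checker that enforces only the `xs:maxLength` and `xs:pattern` facets and the element sequence, evaluating patterns with Python's `re`.

```python
import re
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
# Constructed schema for a hypothetical comment form (assumption, not from the article).
FORM_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="form"><xs:complexType><xs:sequence>
    <xs:element name="username"><xs:simpleType><xs:restriction base="xs:string">
      <xs:pattern value="[A-Za-z0-9_]{3,20}"/></xs:restriction></xs:simpleType></xs:element>
    <xs:element name="comment"><xs:simpleType><xs:restriction base="xs:string">
      <xs:maxLength value="200"/><xs:pattern value="[^&lt;&gt;&quot;']*"/>
    </xs:restriction></xs:simpleType></xs:element>
  </xs:sequence></xs:complexType></xs:element></xs:schema>"""
# Constructed sample submissions: one benign, one carrying markup in a text field.
SAMPLES = [{"username": "alice_01", "comment": "Great article, thanks!"},
           {"username": "alice_01", "comment": "<script>alert(1)</script>"}]

def load_facets(xsd_text):
    """Map each field element name to its (maxLength, [patterns]) facets."""
    facets = {}
    for el in ET.fromstring(xsd_text).iter(XS + "element"):
        restr = el.find(f"{XS}simpleType/{XS}restriction")
        if restr is not None:
            ml = restr.find(XS + "maxLength")
            pats = [p.get("value") for p in restr.findall(XS + "pattern")]
            facets[el.get("name")] = (int(ml.get("value")) if ml is not None else None, pats)
    return facets

def form_to_xml(fields):
    """Serialize submitted form controls into one XML document (text is escaped)."""
    root = ET.Element("form")
    for name, value in fields.items():
        ET.SubElement(root, name).text = value
    return ET.tostring(root, encoding="unicode")

def validate(fields, facets):
    """Return violations for one submission; an empty list means it is accepted."""
    try:
        root = ET.fromstring(form_to_xml(fields))
    except ET.ParseError:
        return ["malformed XML"]  # e.g. a control name that is not a valid XML name
    errors = [] if [c.tag for c in root] == list(facets) else ["unexpected or missing control"]
    for child in root:
        max_len, patterns = facets.get(child.tag, (None, []))
        text = child.text or ""
        if max_len is not None and len(text) > max_len:
            errors.append(f"{child.tag}: longer than {max_len}")
        if patterns and not any(re.fullmatch(p, text) for p in patterns):
            errors.append(f"{child.tag}: fails pattern")
    return errors
```

Because the check operates only on the XML document, the same service can sit in front of applications written in any language; a deployed service would use a complete XSD validator rather than this two-facet subset.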
