Доступ предоставлен для: Guest
Портал Begell Электронная Бибилиотека e-Книги Журналы Справочники и Сборники статей Коллекции
Journal of Automation and Information Sciences
SJR: 0.275 SNIP: 0.59 CiteScore™: 0.8

ISSN Печать: 1064-2315
ISSN Онлайн: 2163-9337

Выпуски:
Том 52, 2020 Том 51, 2019 Том 50, 2018 Том 49, 2017 Том 48, 2016 Том 47, 2015 Том 46, 2014 Том 45, 2013 Том 44, 2012 Том 43, 2011 Том 42, 2010 Том 41, 2009 Том 40, 2008 Том 39, 2007 Том 38, 2006 Том 37, 2005 Том 36, 2004 Том 35, 2003 Том 34, 2002 Том 33, 2001 Том 32, 2000 Том 31, 1999 Том 30, 1998 Том 29, 1997 Том 28, 1996

Journal of Automation and Information Sciences

DOI: 10.1615/JAutomatInfScien.v51.i12.30
pages 18-24

Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture

Rustam Kh. Khamdamov
Scientific Innovation Center of Information and Communication Technologies of Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)
Komil F. Kerimov
Muhammad al-Khwarizmi Tashkent University of Information Technologies, Tashkent (Uzbekistan)

Краткое описание

Web-applications are developed in several languages and deployed in various operating systems. This is connected with the various functions that web-application provides to its users. E-commerce applications must take into account various interfaces required for interoperability, security, and availability of a web-applications. Therefore, applications are developed using various languages such as PHP, ASP, JSP, NET, Python, etc., based on web-application requirements. Applications are constantly checked for vulnerabilities, and when they are vulnerable, they can be attacked. Research data shows that about 70% of web-applications are vulnerable to attacks of XSS form. This is due to the fact that entering data by users is allowed in text fields in web-application forms. This increases the threat to a web-application, allowing hackers the embedding of malicious content into the web-application. This article presents a new solution for blocking Cross-Site Scripting (XSS) attacks, which does not depend on the languages, in which web-applications are developed and eliminates XSS vulnerabilities arising from other interfaces. The solution is directed on providing independent services with specific interfaces that can be invoked to perform their tasks in a standard way without prior knowledge of the calling application by the service and without the application knowing how the service actually performs its tasks. The solution is based on a service-oriented architecture (SOA) approach. A method has been developed for blocking vulnerabilities of the XSS type based on the ability to protect applications from XSS attacks using XML and XSD. This includes creating an XML-document based on all form controls submitted by the user.

Ключевые слова: visibility, XSS, threat identification, adaptive analysis

ЛИТЕРАТУРА

  1. Opanasenko V.N., Kryvyi S.L., Synthesis of adaptive logical networks on the basis of Zhegalkin polynomials, Cybernetics and Systems Analysis, 2015, 51, No. 6, 969-977, DOI: 10.1007/sl0559- 015-9790-1. .

  2. KerimovK.F., Model of detection of threats of information security in electronic resources, Perspectivy razvitiya tekhniki i tekhnologii i dostizheniya gorno-metallurgicheskoi otrasli za gody nezavisimosti Respubliki Uzbekistan, Abstracts of Conference, May 12-14, 2011, Navoi, 339-340. .

  3. KozlovD.D., Petukhov A.A., Methods for detection of vulnerabilities in web-applications, Programmnyye sistemy i instrumenty, 2006, No. 7, 156-166. .

  4. Kondrashova N.V., Correlation of external criterion and technique of sample splitting on solving the problem of structurally parametric identification by the group method of data handling, Mezhdunarodnyi nauchno-tekhnicheskiy zhurnal "Problemy upravleniya i informatiki", 2015, No. 5, 20-33. .

  5. Nizamutdinov M.K., Tactics of defence and attack on IT-applications, BHV-Petersburg, Saint-Petersburg, 2005, 10-30. .

  6. Pazizin S.V., Fundamentals of information protection in computer systems [in Russian], TVP-OpiPM, Moscow, 2003. .

  7. Petrenko S.A., Petrenko A.A., Audit of Intranet security [in Russian], DMK Press, Moscow, 2002. .

  8. Rzhavskiy K.V., Information security: practical protection of information technologies and telecommunication systems: Tutorial [in Russian], VolGU, Volgograd, 2002. .

  9. Ryabko D.M., Approach to testing vulnerabilities of web-applications from attacks of SQL-injections [in Russian], UkrPROG, Kiev, Ukraine, 2006. .

  10. Kerimov K.F., Salakhutdinov V.Kh., Technique of information security risk assessment of electronic resources of computer network for threats of unauthorized access [in Russian], Problemy informatiki i energetiki, 2018, No. 5. .

  11. KhorevP.B., Methods and means of information protection in computer systems [in Russian], Gelios, Moscow, 2006. .

  12. Kerimov K.F., Mukhsinov Sh.Sh., Ismatullayev S.O., Firewall of database based on detection of anomalies [in Russian], Problemy informatiki i energetiki, 2015, No. 3. .


Articles with similar content:

Method of Developing a Web-Application Firewall
Journal of Automation and Information Sciences, Vol.51, 2019, issue 6
Rustam Kh. Khamdamov , Komil F. Kerimov , Jalol Oybek ugli Ibrahimov
Statistical Analysis of Multiplicative Schemes in Economics
Journal of Automation and Information Sciences, Vol.33, 2001, issue 9
Vaieriy Yu. Kotlyar, Alexander V. Antonov
Numerical Topology Optimization of Heat Sinks
International Heat Transfer Conference 15, Vol.37, 2014, issue
Martine Baelmans, Tijs Van Oevelen
VALIDATION AND SIMULATION OF MANUFACTURING ENGINEERING DATA
Flexible Automation and Intelligent Manufacturing, 1997:
Proceedings of the Seventh International FAIM Conference, Vol.0, 1997, issue
Anan Mungwattana, Albert Jones, John Shewchuk
AUTHENTICATION AND SECURE COMMUNICATIONS FOR INTERNET OF VEHICLES (IOV)-ASSISTED FOG COMPUTING
Telecommunications and Radio Engineering, Vol.78, 2019, issue 18
H. A. G. Alsalman, J. I. Naser, A. J. Kadhim