JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS

Main Article Content

Irada Rahimova
http://orcid.org/0000-0003-3158-6844
Firangiz Qubadova
http://orcid.org/0000-0002-5031-9787
Barayat Asker zade
http://orcid.org/0000-0001-7630-5028
Serhii Pohasii
http://orcid.org/0000-0002-4540-3693

Abstract

The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of protection against attacks on third-party JavaScript resources. The third-party JavaScript code download chain may consist of three or four third-party websites. From a security point of view, this creates a risk of attack on a third-party resource. If the attacker compromises one of the third-party resources, this will affect the entire chain using this resource. Based on these conditions, it is indispensable to solve the following tasks: to develop a secure algorithm for hash functions for protecting applications in JavaScript, which will constantly monitor changes that occur on a web page; determine the advantages and disadvantages of the method in real operating conditions. In the process of the study, the following results were obtained: the problems of writing safe code in JS were considered, the algorithm for using cryptographic hash functions was proposed, the essence of which is that the hash is calculated at the first moment of loading a third-party resource. Each time a third-party resource is loaded, the algorithm calculates its hash and compares it with the value of the first hash. It is established that cryptographic hash functions on the example of sha384 have the property of an avalanche effect. It is recommended to use this method for web pages with mission-critical operations, such as payment pages, registration, password reset or account login. Their strengths and weaknesses were also revealed in the process of improving the JavaScript protection method.

Article Details

How to Cite
Rahimova, I., Qubadova, F., Asker zade, B., & Pohasii, S. (2019). JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS. Advanced Information Systems, 3(4), 105–108. https://doi.org/10.20998/2522-9052.2019.4.15
Section
Methods of information systems protection
Author Biographies

Irada Rahimova, Azerbaijan Technical University, Baku

Associated Professor of Computer Systems and Networks Department

Firangiz Qubadova, Azerbaijan Technical University, Baku

Associated Professor of Computer Systems and Networks Department

Barayat Asker zade, Azerbaijan Technical University, Baku

Associated Professor of Computer Systems and Networks Department

Serhii Pohasii, S. Kuznets Kharkiv National University of Economics, Kharkiv

PhD in Economics, Associated Professor of Cybersecurity and Information Technologies Department

References

Haverbeke, Marijn (2018), Eloquent JavaScript, 3rd Edition: A Modern Introduction to Programming Paperback, Dec.4, 2018, available at: http://eloquentjavascript.net.

Kingsley-Hughes, Adrian and Kingsley-Hughes, Kathie (2008), JavaScript 1.5 by Example 1st Edition Que Publishing, 1 edition, 312 p.

Grimes R.A. (2017), Hacking the Hacker: Learn From the Experts Who Take Down Hackers, Hoboken: Wiley, 283 p.

Yaworski, P. (2015), Web Hacking 101. Kindle Edition, 216 p.

Bisson, D. (2017), Researcher warns of ‘pastejacking’ hack attacks targeting users’ clipboards, available at:

https://www.grahamcluley.com

Zaitsev, M. (2017), Security of Java applications leaves much to be desired, available at:

https://threatpost.ru/veracode-states-that-java-apps-are-poorly-protected/22946

TOP-10 OWASP – 2017 (2017), available at:

https://www.owasp.org/images/9/96/OWASP_Top_10-2017-ru.pdf