WEB APPLICATION PROTECTION TECHNOLOGIES

Volodymyr Pevnev
https://orcid.org/0000-0002-3949-3514
Oksana Popovichenko
https://orcid.org/0000-0002-2083-0314
Yaroslav Tsokota
https://orcid.org/0000-0001-6155-817X

Abstract

The subject matter of the article is the vulnerabilities that exist in web applications. The goal is to analyze the problem of information security violations in web applications. The tasks to be solved are: to review statistics on attacks on web applications; to identify the main prerequisites for cyber-attacks; to consider the most common types of vulnerabilities; and to suggest ways to create a secure application. The methods used are: analytical method, literature analysis, description. The following results were obtained: for each type of vulnerability considered, a possible attack scenario was examined. Ways were also suggested for developers to take these vulnerabilities into account and develop a secure web application. Conclusions. The best protection for web applications is writing safe code. Developers who implement applications should know in advance about the common types of attacks and how they work in order to protect applications and prevent possible cyber-attacks. Security methods are best applied comprehensively so that the web application is protected as much as possible.

Article Details

How to Cite
Pevnev, V., Popovichenko, O., & Tsokota, Y. (2020). WEB APPLICATION PROTECTION TECHNOLOGIES. Advanced Information Systems, 4(1), 119–123. https://doi.org/10.20998/2522-9052.2020.1.18
Section
Methods of information systems protection
Author Biographies

Volodymyr Pevnev, National Aerospace University “Kharkiv Aviation Institute”, Kharkiv

Candidate of Technical Science, Associate Professor, Associate Professor of Computer Systems, Networks and Cyber security Department

Oksana Popovichenko, National Aerospace University “Kharkiv Aviation Institute”, Kharkiv

Student of Computer Systems, Networks and Cyber security Department

Yaroslav Tsokota, National Aerospace University “Kharkiv Aviation Institute”, Kharkiv

Student of Computer Systems, Networks and Cyber security Department
