Models and scenarios of implementation of threats for internet resources
To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixin...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
MIREA - Russian Technological University
2020-12-01
|
| Series: | Российский технологический журнал |
| Subjects: | |
| Online Access: | https://www.rtj-mirea.ru/jour/article/view/255 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832543414746349568 |
|---|---|
| author | S. A. Lesko |
| author_facet | S. A. Lesko |
| author_sort | S. A. Lesko |
| collection | DOAJ |
| description | To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application. |
| format | Article |
| id | doaj-art-390daa5bebf94634b0a943adb222aedb |
| institution | Kabale University |
| issn | 2500-316X |
| language | Russian |
| publishDate | 2020-12-01 |
| publisher | MIREA - Russian Technological University |
| record_format | Article |
| series | Российский технологический журнал |
| spelling | doaj-art-390daa5bebf94634b0a943adb222aedb2025-02-03T11:45:49ZrusMIREA - Russian Technological UniversityРоссийский технологический журнал2500-316X2020-12-018693310.32362/2500-316X-2020-8-6-9-33225Models and scenarios of implementation of threats for internet resourcesS. A. Lesko0MIREA – Russian Technological UniversityTo facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.https://www.rtj-mirea.ru/jour/article/view/255computer and network securitythreat models and scenariosinternet resourcessql injectionsxss attacks (crossite scripting) |
| spellingShingle | S. A. Lesko Models and scenarios of implementation of threats for internet resources Российский технологический журнал computer and network security threat models and scenarios internet resources sql injections xss attacks (crossite scripting) |
| title | Models and scenarios of implementation of threats for internet resources |
| title_full | Models and scenarios of implementation of threats for internet resources |
| title_fullStr | Models and scenarios of implementation of threats for internet resources |
| title_full_unstemmed | Models and scenarios of implementation of threats for internet resources |
| title_short | Models and scenarios of implementation of threats for internet resources |
| title_sort | models and scenarios of implementation of threats for internet resources |
| topic | computer and network security threat models and scenarios internet resources sql injections xss attacks (crossite scripting) |
| url | https://www.rtj-mirea.ru/jour/article/view/255 |
| work_keys_str_mv | AT salesko modelsandscenariosofimplementationofthreatsforinternetresources |