WEB APPLICATION SECURITY AND HACKER ATTACKS

Authors

DOI:

https://doi.org/10.35546/kntu2078-4481.2023.3.11

Keywords:

web application, hacker attack, SQL injection, Cross-site scripting, Cross-site request forgery, Server-side request forgery, file attack

Abstract

The security of web applications and their protection against hacker attacks is a pressing problem, as the number of web applications that contain vulnerabilities and may become targets of attack keeps growing. Sufficient attention must be paid to security measures that protect user data from unauthorized access and misuse. This article discusses the main types of attacks on web applications, namely SQL injection (SQLi), Cross-site scripting (XSS), Cross-site request forgery (CSRF), Server-side request forgery (SSRF), and file attacks, and gives examples of protective measures against each type of attack. To keep a web application secure, it is necessary to follow security principles, use strong passwords, keep software updated, monitor the application, and conduct regular security audits. The article reviews, systematizes and summarizes publications on the principles of web application security and on the most dangerous attacks. It surveys modern threat-modeling methodologies that help ensure the security of web applications; the following methodologies are considered: Threat Modeling, Security Testing, Risk Assessment, Penetration Testing, Security Audits, STRIDE, DREAD, VAST, PASTA, Trike, and PTA (Penetration Testing and Assessment). On the basis of these threat-modeling methodologies, updated and improved basic principles of web application security are proposed. The goal of the research is to define the basic principles of web application security, identify the most common vulnerabilities that enable attacks, and determine the means of protection against the various types of attacks on web applications. Main results of the research: the basic principles of web application security have been clarified, and means of protection against the various types of attacks on web applications have been proposed. Scientific novelty: an effective methodological system of protection against the most dangerous attacks has been developed.
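The abstract names SQL injection first among the attacks and parameterized queries are the standard protective measure against it. The following is an added example written for this page, not code from the article or its authors: a login check built by string concatenation, the classic `' OR 1=1 --` bypass against it, and the same check with bound parameters, which the payload cannot subvert. It uses only the Python standard library and an in-memory SQLite database populated with constructed sample users (the user names and passwords are made up for the demonstration).

```python
"""Added example: SQL injection in a login query, vulnerable vs. parameterized.

Not part of the original article. Sample users are constructed for the demo.
"""
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    # Constructed sample data. A real system would use a salted, slow hash
    # (argon2/bcrypt); plain SHA-256 is used here only to keep the demo stdlib-only.
    for user, pw in (("alice", "correct horse battery"), ("bob", "hunter2")):
        conn.execute(
            "INSERT INTO users VALUES (?, ?)",
            (user, hashlib.sha256(pw.encode()).hexdigest()),
        )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """VULNERABLE: user-controlled text is spliced into the SQL statement.

    Returns the matched username or None.
    """
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    # The attacker controls `username`, so they also control the query text.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """HARDENED: the statement is fixed; values travel as bound parameters.

    The driver never interprets the parameter contents as SQL, so quotes,
    comment markers and keywords inside `username` are just characters.
    """
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row[0] if row else None


# Classic authentication-bypass payload: closes the string literal, makes the
# WHERE clause always true, and comments out the password check.
BYPASS_PAYLOAD = "' OR 1=1 --"


def demo() -> dict:
    """Run both login paths against the same inputs and report the outcomes."""
    conn = make_db()
    return {
        # Legitimate credentials succeed on both paths.
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse battery"),
        "legit_safe": login_safe(conn, "alice", "correct horse battery"),
        # The injection payload logs in *some* user without a valid password
        # on the vulnerable path, and is rejected on the parameterized path.
        "attack_vulnerable": login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"),
        "attack_safe": login_safe(conn, BYPASS_PAYLOAD, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>18}: {result}")
```

The rewritten statement on the vulnerable path is `... WHERE username = '' OR 1=1 --' AND pw_hash = '...'`, which the database accepts as a valid query; `sqlite3` refuses stacked statements, so the example does not show `; DROP TABLE`, but the bypass alone is enough to illustrate why escaping by hand is the wrong fix and parameter binding is the right one.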

References

McGraw, G. Software Security: Building Security In. Addison-Wesley Professional, 1st ed., 2006. 396 p.

McGraw, G. Software Security: Building Security In. Addison-Wesley Professional, 2nd ed., 2018. 528 p.

Viega, J., & McGraw, G. R. Building Secure Software. Addison-Wesley Professional, 2002. 528 p.

Howard, M., & LeBlanc, D. Writing Secure Code (Vol. 19). Microsoft Press, 2002. 608 p.

Howard, M., LeBlanc, D., & Viega, J. 19 Deadly Sins of Software Development. New York, NY: McGraw-Hill, 2005. 348 p.

Stuttard, D., & Pinto, M. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. John Wiley & Sons, 2016. 912 p.

Shostack, A. Threat Modeling: Designing for Security. John Wiley & Sons, 2014. 624 p.

Easttom, C. Computer Security Fundamentals (3rd ed.). Pearson, 2016. 448 p.

Dowd, M., McDonald, J., & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Addison-Wesley Professional, 2006. 1200 p.

Byres, E. Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach. Addison-Wesley Professional, 2014. 232 p.

Craig, D. Security Web Applications. O'Reilly Media, 2007. 296 p.

Bass, T., Clements, P., & Kazman, R. Software Architecture in Practice (3rd ed.). Addison-Wesley Professional, 2015. 624 p.

Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. A survey of web security research. IEEE Transactions on Information Forensics and Security, 6(3), 2011. p. 1-17. DOI: 10.1109/TIFS.2011.2118713

Ristic, I. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications. Feisty Duck, 2013. 400 p.

Stamper, R. Information Security: Principles and Practice. John Wiley & Sons, 2005. 488 p.

Mitchell, R. Web Penetration Testing with Kali Linux: Discover the Power of Kali Linux, One of the Most Popular Tools for Penetration Testing, Using Real-World Scenarios. Packt Publishing Ltd., 2019. 488 p.

Westrum, E. F. Secure Software Design. Auerbach Publications, 2016. 318 p.

Florêncio, D., Herley, C., & van Oorschot, P. C. Passwords and the evolution of imperfect authentication. Communications of the ACM, 57(9), 2014. p. 78-87. DOI: 10.1145/2643132.2643136

Bishop, M. Computer Security: Art and Science. Addison-Wesley Professional, 2003. 1132 p.

Published

2023-11-13