Abstract—
The problem of the dynamic analysis of website security using asynchronous content loading technologies is considered. The possibility of solving the problem of detecting scan input vectors using the technology of interpreting JavaScript scripts is considered.
Similar content being viewed by others
REFERENCES
Statistics of the number of websites on the Internet. https://news.netcraft.com/archives/2018/02/13/february-2018-web-server-survey.html.
Zegzhda, P.D., Zegzhda, D.P., and Kalinin, M.O., A new approach to security evaluation of operating systems, International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, 2007, pp. 254–259. https://doi.org/10.1007/978-3-540-73986-9_22
Demidov, R., Pechenkin, A., and Zegzhda, P., Integer overflow vulnerabilities detection in software binary code, Proceedings of the 10th International Conference on Security of Information and Networks. ACM, 2017.
Murugesan, S., Understanding Web 2.0, IT Prof. Mag., 2007, vol. 9, no. 4, p. 34.
Anderson, P., What Is Web 2.0?: Ideas, Technologies and Implications for Education, JISC Technical Report, 2007. http://www.jisc.ac.uk/media/documents/techwatch/tsw0701b.pdf.
Lassila, O. and Hendler, J., Embracing web 3.0, IEEE Internet Comput., 2007, vol. 11, no. 3.
Lin, Z., et al., Research on web applications using Ajax new technologies, 2008 International Conference on Multimedia and Information Technology, IEEE, 2008, pp. 139–142.
Jensen, M., Gruschka, N., and Herkenhöner, R., A survey of attacks on web services, Comput. Sci. Res. Dev., 2009, vol. 24, no. 4, p. 185.
Wichers, D., OWASP Top-10 2013, OWASP Foundation, 2013.
Halfond, W.G., et al., A classification of SQL-injection attacks and countermeasures, Proceedings of the IEEE International Symposium on Secure Software Engineering, IEEE, 2006, vol. 1, pp. 13–15.
Sarhadi, R.M. and Ghafori, V., New approach to mitigate XML-DOS and HTTP-DOS attacks for cloud computing, Int. J. Comput. Appl., 2013, vol. 72, no. 16.
Kargl, F., Maier, J., and Weber, M., Protecting web servers from distributed denial of service attacks, Proceedings of the 10th International Conference on WORLD WIDE WEB, ACM, 2001, pp. 514–524.
Bau, J., et al., State of the art: Automated black-box web application vulnerability testing, 2010 IEEE Symposium on Security and Privacy, 2010, pp. 332–345.
Web Vulnerability Scanner WAScan. https://github.com/m4ll0k/WAScan.
SaaS-scanner of web vulnerabilities BB Scanner. https://bbs.ptsecurity.com/en/sites.
Web vulnerability scanner w3af. https://github.com/andresriancho/w3af.
SaaS web vulnerability scanner detectify. https://detectify.com/.
Funding
The reported study was funded by RFBR according to the research project no. 18-29-03102.
Author information
Authors and Affiliations
Corresponding authors
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by I. P. Obrezanova
About this article
Cite this article
Ivanov, D.V., Moskvin, D.A. & Kubrin, G.S. Detection of Security Threats to Modern Websites. Aut. Control Comp. Sci. 53, 963–968 (2019). https://doi.org/10.3103/S0146411619080108
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411619080108