Current threats and methods of securing web applications | Article in the journal «Молодой ученый»


Section: Information technology

Published in Молодой учёный No. 37 (536), September 2024

Publication date: 13.09.2024


Bibliographic description:

Ухливанов, С. М. Current threats and methods of securing web applications / С. М. Ухливанов. — Text: direct // Молодой ученый. — 2024. — No. 37 (536). — pp. 12-15. — URL: https://moluch.ru/archive/536/117382/ (accessed: 16.12.2024).



The article deals with modern web application security risks and methods of preventing them. Based on an analysis of the current literature, the author systematizes the key threats to web applications, briefly describes the main ones, and highlights promising prevention and remediation measures.

Keywords: web application, attack, risk, injection, coding.

Nowadays, the role of the Internet in the software environment has increased significantly. Applications built with Web technologies have become the preferred solution for many industries and have gradually displaced applications based on other technologies. This has made Web applications more complex in structure, architecture, and implementation. In addition, distributed architectures have gained wide adoption. This state of affairs has placed new demands on Web application security.

Every year, attackers develop increasingly sophisticated methods of attacking Web applications to compromise sensitive information and gain access to databases. Accordingly, security experts analyze the exploited vulnerabilities and strengthen their systems based on the knowledge gained. However, the aggregate frequency and cost of data leaks is growing geometrically, and as of today the cost is around US$9.17 million. According to expert reports, 96 % of Web applications have defects and anomalies [1].

According to the latest DBIR study, Web applications are the primary attack vector in 2024 and are projected to be used by attackers in 80 % of incidents. Web applications are prime targets for two reasons. First, many of them contain vulnerabilities or configuration errors. Second, a significant portion of Web applications store extremely valuable information, such as personal and financial data, and a successful compromise gives attackers direct access to this data. A study by Kaspersky found that 40 % of IT professionals engaged in ethical hacking consider Web application attacks to be among the most profitable for cybercriminals, and 55 % say the same of APIs [2].

Overall, the data presented confirm that Web application attacks remain the largest and most serious security threat on the Internet and require constant monitoring and security measures, which determined the choice of topic for this article.

The basic principles of Web application security, including issues such as threat identification, attack protection, interception protection, and protection against data tampering, are addressed in the papers of N. N. Teterin, T. P. Semenov, A. K. Blagorazumov, P. E. Chernikov, G. E. Glukhov, and A. V. Semin.

An extensive overview of the vulnerabilities specific to Web applications, including input-level attacks, session security risks, and server attacks, is presented in the publications of G. S. Ermakova, N. N. Panteleeva, T. V. Azarnova, P. V. Polukhina, and V. A. Prytkova.

At the same time, despite the significant number of publications on the topic, the emergence of new protocols and standards, the capabilities of artificial intelligence technologies, and the substantial growth of malicious traffic on the Internet make it necessary to constantly update and refresh the conclusions and recommendations in this subject area.

Thus, the purpose of this paper is to study the current threats to Web applications and the ways to ensure their security.

First and foremost, it is essential to note that Web application security is the practice of detecting and preventing cyberattacks against Web applications and, more importantly, of building applications that are secure from the outset. This includes a set of security controls embedded in Web applications to protect against a growing number of cyberthreats [3].

Based on a study of Web application incidents detected and remediated in December 2023, experts identified the following facts:

— 30 % of all web application attacks targeted security system misconfiguration — for example, coding and implementation errors;

— 21 % of attacks involved code injection. These were not only SQL injections (typically designed to steal, destroy, or manipulate data): attacks using LDAP injection and Log4Shell have also been popular [4].

Based on the literature available to date, together with research results and data from analytical reports, the author summarizes in Fig. 1 the most common current threats to Web application security.

Fig. 1 Major Web Application Security Threats

It is not possible to consider all threats within the scope of this article, so we will briefly characterize some of them with a special focus on ways to prevent them.

Injection attacks. A web application vulnerable to injection attacks accepts untrusted data from an input field without properly validating it. By embedding code in the input field, an attacker can trick the server into interpreting that input as a system command and thus carry out the attack.

Common injection attacks include SQL injection, cross-site scripting, email header injection, and others. These attacks can result in unauthorized access to databases and the abuse of administrator privileges.

To prevent injection attacks, the following measures are important:

— rejecting untrusted input in commands and queries;

— using a secure application programming interface that avoids the interpreter entirely or provides a parameterized interface;

— filtering and sanitizing all input data against an allowlist (whitelist).
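The three measures above, shown side by side as an added example that is not code from the article: a string-built SQL query that interprets input as part of the command, the same lookup as a parameterized query, and an allowlist check applied before the query runs. The in-memory `users` table, its rows, and the username pattern are constructed here for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory user table (not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: the input is spliced into the SQL text, so the database
    # engine interprets whatever the user typed as part of the query.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Hardened: a parameterized query keeps data and code separate;
    # the driver binds the value and never parses it as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Assumed allowlist for this example: usernames are 1-32 word characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(name):
    """Allowlist validation: accept only characters a username may legitimately contain."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup_defended(conn, name):
    """Defence in depth: reject untrusted input first, then use the parameterized query."""
    if not validate_username(name):
        raise ValueError("rejected: username fails allowlist validation")
    return lookup_safe(conn, name)


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # classic textbook input that turns the WHERE clause into a tautology
    print("vulnerable:", lookup_vulnerable(db, tautology))  # returns every row
    print("parameterized:", lookup_safe(db, tautology))     # returns no rows
    print("defended:", lookup_defended(db, "alice"))
```

The parameterized form alone already neutralizes the injection; the allowlist check is the second layer the article recommends, and it also stops malformed input from reaching the database at all.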

Improper security configuration. The most frequent threats to Web applications arise from improper configuration. They become possible as a result of inadequate or insecure system settings, the use of public cloud storage, or cryptographic error alerts. To prevent misconfiguration, all operating systems, frameworks, libraries, and applications must be securely configured, patched, and kept in line with the best practices recommended by the hardware or software vendor.

Broken authentication. This is a general term for vulnerabilities in which authentication and session management tokens are implemented inadequately. Broken authentication allows attackers to assume the identity of a legitimate user, access their confidential data, and potentially exploit the privileges assigned to that identity. To prevent this threat, terminate sessions after a defined period of inactivity, revoke the session ID immediately when the session ends, enforce password complexity requirements, and implement multi-factor authentication.
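The four controls named in that paragraph, implemented as an added example that is not code from the article: an in-memory session store with unguessable IDs, an idle timeout, immediate revocation on logout, a password policy check, and a constant-time comparison for a second factor. The 15-minute idle limit, the 12-character minimum, and the "three of four character classes" rule are assumed policy values chosen for the example.

```python
import re
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed policy: seconds of inactivity after which a session expires


class SessionStore:
    """In-memory session table keyed by random, unguessable session IDs."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str, "last_seen": float}

    def create(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def resolve(self, sid, now=None):
        """Return the user behind a live session, or None.

        A session idle for longer than IDLE_TIMEOUT is revoked on sight;
        a live session's activity timestamp slides forward.
        """
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # terminate after inactivity
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid):
        """Revoke the session ID immediately so it cannot be reused."""
        self._sessions.pop(sid, None)


def password_meets_policy(pw, min_length=12):
    """Assumed policy: minimum length plus at least three of four character classes."""
    if len(pw) < min_length:
        return False
    classes = [
        re.search(r"[a-z]", pw),
        re.search(r"[A-Z]", pw),
        re.search(r"\d", pw),
        re.search(r"[^A-Za-z0-9]", pw),
    ]
    return sum(1 for c in classes if c) >= 3


def mfa_code_valid(submitted, expected):
    """Compare the second factor in constant time so timing does not leak it."""
    return secrets.compare_digest(submitted, expected)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", now=0.0)
    print(store.resolve(sid, now=600.0))        # alice (10 minutes idle)
    print(store.resolve(sid, now=600.0 + 3600)) # None (expired and revoked)
    print(password_meets_policy("Correct-Horse42"), password_meets_policy("password"))
```

In a real deployment the store would live in a shared backend (a database or cache) and the password check would sit beside a breached-password lookup; the structure of the checks is the same.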

Unsafe deserialization. This threat often leads to remote code execution. These flaws also allow replay, injection, and privilege escalation attacks to be conducted even when remote code execution does not occur. Rejecting serialized objects from untrusted sources is one way to prevent this kind of threat.
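Two ways of refusing unexpected objects from untrusted input, as an added example that is not code from the article: a `pickle.Unpickler` subclass whose `find_class` override (the hook documented in the Python standard library) rejects every class reference, so only plain data can load, and a JSON loader with an explicit field schema, which is the preferable design. The `PROFILE_SCHEMA` fields and the sample payloads are constructed for the demonstration.

```python
import io
import json
import pickle
from collections import OrderedDict


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any class while unpickling.

    Plain containers, strings and numbers need no class lookup, so they load;
    anything that would instantiate a type is rejected before it runs.
    """

    ALLOWED = set()  # e.g. {("builtins", "set")} if one specific type must be accepted

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def restricted_loads(data):
    """Drop-in replacement for pickle.loads for data that is not trusted."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Preferred approach: a data-only format with an explicit schema (constructed example).
PROFILE_SCHEMA = {"user": str, "theme": str, "items_per_page": int}


def load_profile(text):
    """Parse a JSON profile and accept it only if it matches PROFILE_SCHEMA exactly."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or set(obj) != set(PROFILE_SCHEMA):
        raise ValueError("profile does not match schema")
    for key, typ in PROFILE_SCHEMA.items():
        if type(obj[key]) is not typ:  # exact type: bool is not accepted as int
            raise ValueError(f"field {key!r} has wrong type")
    return obj


if __name__ == "__main__":
    print(restricted_loads(pickle.dumps({"theme": "dark"})))  # plain data loads
    try:
        restricted_loads(pickle.dumps(OrderedDict(theme="dark")))  # a type reference is refused
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    print(load_profile('{"user": "alice", "theme": "dark", "items_per_page": 20}'))
```

`OrderedDict` is used only as a harmless stand-in for "an object the application did not expect"; the point is that the restricted loader refuses any class reference at all, while the JSON path never has classes to resolve in the first place.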

Cross-site scripting. Cross-site scripting attacks involve the injection of malicious code or a malicious script into a Web application. The application then executes the script, allowing the attacker to steal sensitive user data, such as session tokens and cookies, or perform other actions. If successful, a cross-site scripting attack can result in the theft of user session IDs, corruption of the Web application, and redirection to malicious sites, enabling phishing attacks.

The following actions must be taken to mitigate this threat:

  1. Validation of user-entered data.
  2. Use of output encoding techniques.
  3. Use of HTML sanitization libraries such as OWASP AntiSamy.
  4. Implementation of a Content Security Policy.
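Items 2 to 4 of that list, as an added example that is not code from the article: a template that concatenates untrusted text beside the same template with output encoding, a small allowlist sanitizer built on the standard library's `HTMLParser` (it stands in for a sanitization library such as OWASP AntiSamy and is not that library), and a restrictive Content-Security-Policy header. The allowed tag set and the policy directives are assumptions chosen for the example.

```python
import html
from html.parser import HTMLParser


def render_vulnerable(untrusted):
    # Vulnerable: untrusted text is placed straight into the markup the browser parses.
    return f"<p>{untrusted}</p>"


def render_safe(untrusted):
    # Output encoding: the browser displays the text instead of parsing it as markup.
    return f"<p>{html.escape(untrusted, quote=True)}</p>"


class AllowlistSanitizer(HTMLParser):
    """Keeps a few formatting tags with no attributes and drops every other tag.

    Assumed allowlist for the example; a production sanitizer also needs to
    handle nesting rules, URLs in attributes, and protocol handlers.
    """

    ALLOWED_TAGS = {"b", "i", "em", "strong", "p"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes (onclick, href, ...) are discarded

    def handle_endtag(self, tag):
        if tag in self.ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=True))  # text is always encoded


def sanitize_html(untrusted):
    """Return markup containing only allowlisted tags and encoded text."""
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out)


def csp_header():
    """A restrictive Content-Security-Policy: same-origin scripts only, no inline scripts, no plugins."""
    return (
        "Content-Security-Policy",
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
    )


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"
    print(render_vulnerable(probe))  # the script tag reaches the browser intact
    print(render_safe(probe))        # the browser shows the text literally
    print(sanitize_html('<b onclick="notify()">hi</b><iframe src="x"></iframe> & more'))
    print(": ".join(csp_header()))
```

Encoding covers the common case of untrusted text; the sanitizer is for the narrower case where users are allowed limited formatting; the CSP header is the backstop that stops an injected inline script from running even if the first two layers miss something.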

In summary, Web applications are attractive targets for cybercriminals and are subjected to increasingly frequent attacks. To ensure the security of a Web application, it is advisable to use up-to-date tools to scan and monitor for vulnerabilities and threats, and to apply current secure coding techniques.

References:

  1. Rusakov A. M. Development of web application reliability analyzer based on network attack simulation // Modern science: current issues of theory and practice. 2023. No. 7–2. pp. 105–112.
  2. Belyaeva K. V. Web Development Security: HTTPS, CORS, XSS, CSRF, CSP // International Journal of Information Technology and Energy Efficiency. 2023. Vol. 8. No. 5–2 (31). pp. 83–85.
  3. Gumbina E. A. Principles and mechanisms of data security in web applications // Current research. 2024. No. 6–1. pp. 62–66.
  4. Chavez K. G. Applications of Machine Learning in Software Development to Prevent CSRF Vulnerabilities in Web Applications // Modern Science: Current Issues of Theory and Practice. Series: Natural and technical sciences. 2023. No. 9–2. pp. 127–132.