Document Object Model Cross Site Scripting Vulnerability Testing
Închide
Articolul precedent
Articolul urmator
659 5
Ultima descărcare din IBN:
2022-11-06 22:24
Căutarea după subiecte
similare conform CZU
004.942 (25)
Informatică aplicată. Tehnici bazate pe calculator cu aplicații practice (438)
SM ISO690:2012
KOVALENKO, Oleksandr, SMIRNOV, Oleksii, SMIRNOV, Sergii , KOVALENKO, Anna. Document Object Model Cross Site Scripting Vulnerability Testing. In: Information Technologies, Systems And Networks, 17-18 octombrie 2017, Chisinau. Chisinau: Editura ULIM, 2017, Volumul 1, pp. 223-230. ISBN 978-9975-45-069-0.
EXPORT metadate:
Google Scholar
Crossref
CERIF

DataCite
Dublin Core
Information Technologies, Systems And Networks
Volumul 1, 2017
Conferința "Information Technologies, Systems And Networks"
Chisinau, Moldova, 17-18 octombrie 2017

Document Object Model Cross Site Scripting Vulnerability Testing

CZU: 004.942

Pag. 223-230

Kovalenko Oleksandr, Smirnov Oleksii, Smirnov Sergii , Kovalenko Anna
 
Central Ukrainian National Technical University Kropyvnytsky
 
Disponibil în IBN: 15 martie 2018


Rezumat

The paper presents research results and vulnerability testing algorithms for one of the most common types of attacks on Web-based applications - cross site scripting - XSS (Cross Site Scripting) - DOM XSS. Cross-site scripting is an error of validating user data, which allows to pass JavaScript code for execution in the user's browser. Attacks of this kind are often also called HTML injections, because the implementation mechanism is very similar to SQL injections, but unlike the latter, the implemented code is executed in the user's browser. The approach of mathematical modeling based on GERT-networks is chosen. The research has shown that GERT (Graphical Evaluation and Review Technique) is a method of studying and analyzing stochastic networks used to describe the logical relationship between parts of a project or process steps. The main goal of GERT is to evaluate the logic of the network and the duration of activity and to make a conclusion concerning the need to perform certain activities. A method for testing Web-applications and a corresponding set of mathematical models has been developed. The mathematical modeling is based on the GERT-network synthesis approach. As a result, mathematical models of the DOM XSS vulnerability testing method have been developed. The mathematical model of the DOM XSS vulnerability testing method differs from the known by taking into account the execution or analysis of the DOM structure. The developed method can be used when testing the vulnerability of a Web application.

Cuvinte-cheie
testing, vulnerability, Security, modeling, network, attack, web, application, stochastic