ВИЯВЛЕННЯ ТА ЗАПОБІГАННЯ АТАК З ПЕРЕВІРКОЮ ВВОДУ У ВЕБ-ДОДАТКИ ПРИ ВИКОРИСТАННІ ДЕТЕРМІНОВАНИХ АВТОМАТІВ ІЗ МАГАЗИННОЮ ПАМ’ЯТТЮ
The proper validation of input and sanitization is critical issue in developing web applications. Errors and flaws in validation operations resulting in malicious behavior in web application can be easily exploited by attackers. Since attackers are rapidly developing their skills and abilities they...
Gespeichert in:
| Datum: | 2025 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | English |
| Veröffentlicht: |
V.M. Glushkov Institute of Cybernetics of NAS of Ukraine
2025
|
| Schlagworte: | |
| Online Zugang: | https://jais.net.ua/index.php/files/article/view/682 |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Назва журналу: | Problems of Control and Informatics |
Institution
Problems of Control and Informatics| Zusammenfassung: | The proper validation of input and sanitization is critical issue in developing web applications. Errors and flaws in validation operations resulting in malicious behavior in web application can be easily exploited by attackers. Since attackers are rapidly developing their skills and abilities they focus on exploring vulnerabilities in the web applications and try to compromise confidentiality, integrity and availability of information system. Input Validation Attacks (IVAs) are the attacks where a hacker sends malicious inputs (cheat codes) to confuse a web application in order to have access or destroy back end of application without knowledge of users. Input validation serves as the first line of defense for such attacks. Examples of input validation attacks include Cross Site Scripting (XSS), SQL Injection Attack (SQLIA), buffer overflow and directory traversal. Using Input validation attacks hackers can steal the sensitive data which decrease organization market value. In this project, we investigate the problem of detection and removal of validation bugs both at the client-side and the server-side code by using our approach. In this paper we proposed new idea that makes it possible to able detect and prevent input validation attack using Static and Dynamic Analysis. |
|---|