ANALYSIS OF PROBLEMS AND OPPORTUNITIES FOR ENSURING THE SECURITY OF WEB APPLICATIONS CREATED WITH USING CONTENT MANAGEMENT SYSTEMS
DOI: https://doi.org/10.26906/SUNZ.2019.1.133
Keywords: attack, security, Web application, content management system, penetration testing
Abstract
Investigating how unauthorized access is obtained in content management systems is of scientific interest and makes it possible to develop effective methods of protection against intruders. The subject matter of the research is the processes of evaluating and ensuring the security of Web applications created using content management systems. The goal of the paper is to determine the problems of evaluating and ensuring the security of Web applications. Results. The features of content management systems as an object of security research are shown. The main reasons for successful attacks on Web applications are identified. Examples of existing security testing methods are shown; their advantages and disadvantages are identified. A set of actions aimed at reducing the probability of a successful attack is proposed. Conclusion. The problems of evaluating and ensuring the security of Web applications are identified. The need to create methods for solving these problems is determined; the relationship between the tasks is shown.