GERT-network synthesis of vulnerability testing technology of web-applications
DOI:
https://doi.org/10.18372/2410-7840.20.12655
Keywords:
attacks on Web-applications, DOM XSS, SQL injections, GERT-networks
Abstract
The paper presents research results and vulnerability testing algorithms for two of the most common types of attacks on Web applications: DOM XSS and SQL injection. The choice of mathematical modeling based on GERT-networks is justified. A set of mathematical models of Web application testing technology has been developed, with GERT-network synthesis as the basis of the modeling. As a result, mathematical models of DOM XSS vulnerability testing technology and of SQL injection vulnerability testing technology have been developed. The mathematical model of the DOM XSS vulnerability testing technology differs from known models in that it takes into account the execution or analysis of the DOM structure. The mathematical model of the SQL injection vulnerability testing technology differs from known models by an improved method of determining the distance between the results of injection.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).