DETECTING WEB APPLICATION VULNERABILITIES

Authors

  • Radjabova Madina Shavkatovna, trainee lecturer, Department of Cybersecurity and Forensics, Tashkent University of Information Technologies
  • Xafizov Shukurullo Fayzullo oʼgʼli
  • Qurbonmurodov Diyorbek Ulugʼbek oʼgʼli, students of the Faculty of Cybersecurity

Keywords:

Web application vulnerabilities, scanner, Wapiti, Benchmark

Abstract

SQL injection, XSS, LDAP injection and command injection, which are among the most frequently encountered vulnerability types in web applications, were analysed in full. Some functional studies were carried out on the commercial and open-source scanners used to detect web application vulnerabilities: Burp Suite, W3af, Wapiti, Watbo, OWASP ZAP and Arachni. Dynamic application security testing and static application security testing as approaches to detecting vulnerabilities in web applications are examined.


Published

2023-02-14

Section

Articles