Security in Web Applications
Authors: Glinskaya E.V., Bubnovich V.A.
Published in issue: #3(98)/2025
DOI:
Category: Informatics, Computer Engineering and Control
Chapter: Methods and Systems of Information Protection, Information Security
Keywords: data protection, information security, web applications, cybercrime, API vulnerabilities, XSS attacks, DDoS attacks
Published: 29.06.2025
The article presents the results of studying approaches to improving the protection of web applications against the key threats: SQL injection, cross-site scripting (XSS), DDoS attacks, and API vulnerabilities. The paper proposes a multi-level approach to ensuring security that combines preventive measures (data validation, limitation of access rights) with active protection mechanisms (intrusion prevention systems, penetration testing). Introducing these measures into the application development life cycle makes it possible to reduce the number of vulnerabilities and to increase application resilience to ongoing cyberattacks. Practical application of the OWASP methodology and of API security testing confirms the efficiency of the proposed solutions under real-life operating conditions.