Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture
Annotatsiya
Web applications are developed in several languages and deployed in various operating systems. This is due to the various functions that the web application provides to its users. E-commerce applications must take into account the various interfaces required for interoperability, security, and availability of a web application. Consequently, applications are developed using various languages, such as PHP, ASP, JSP, .NET, Python, etc. based on web application requirements. Applications are constantly checked for vulnerabilities, and when they are vulnerable, they can be attacked. Research data shows that about 70 % of web applications are vulnerable to attacks from the XSS form. This is due to the fact that users are allowed to enter data in text fields in web application forms. This increases the threat to the web application, allowing hackers to embed malicious content into the web application. This article presents a new solution for blocking Cross-Site Scripting (XSS) attacks, which does not depend on the languages in which web applications are developed, and eliminates XSS vulnerabilities arising from other interfaces. The solution aims to provide independent services with specific interfaces that can be invoked to perform their tasks in a standard way, without prior knowledge of the calling application by the service and without the application knowing how the service actually performs its tasks. The solution is based on a service-oriented architecture (SOA) approach. A method has been developed for blocking vulnerabilities of the XSS type based on the ability to protect applications from XSS attacks using XML and XSD. This includes creating an XML document based on all form controls submitted by the user.