UDC 004.056.
DOI: 10.36871/ek.up.p.r.2024.12.10.012
Authors
Mariam A. Borlakova,
North Caucasian State Academy
Said I. Eltaev,
Grozny State Petroleum Technical University named after Academician M. D. Millionshchikov
Movladi I. Isaev,
Chechen State University named after A. A. Kadyrov
Abstract
This article discusses methods and approaches to detecting and preventing attacks that exploit JavaScript vulnerabilities in modern web applications. The main focus is on the analysis of the most common types of attacks, including cross-site scripting (XSS), cross-site request forgery (CSRF), clickjacking, and exploitation of vulnerabilities in third-party libraries. Threat detection algorithms based on static and dynamic code analysis, signature and behavioral analysis, and machine learning methods are presented. Architectural approaches to preventing attacks are described, including the implementation of Content Security Policy (CSP), the use of CSRF tokens, and protection based on a Web Application Firewall (WAF). Code analysis and monitoring tools such as ESLint, SonarQube, OWASP ZAP, and Snyk are considered. The study provides recommendations for integrating analysis tools and protection methods into DevSecOps and CI/CD processes. The main conclusion of the article is the need for a multi-layered approach to protecting web applications, combining code analysis methods, dynamic analysis, and the use of automated protection systems.
Keywords
JavaScript vulnerabilities, cross-site scripting (XSS), request forgery (CSRF), clickjacking, static analysis, dynamic analysis, WAF, IDS, DevSecOps, code analysis

