JAVASCRIPT-BASED WEB EXPLOIT ANALYSIS MODEL

Authors

DOI:

https://doi.org/10.17721/ISTS.2024.8.17-25

Keywords:

vulnerability, website, web application, web exploitation, web application analysis, vulnerability scanning, SQL, XSS, CSRF

Abstract

Background. Ensuring the security of web applications and servers remains an important and relevant task in the face of the ever-increasing number of attacks in cyberspace. Open-source content management systems (e.g. WordPress, Joomla, Open Journal Systems, Drupal), which are popular for creating websites because they are easy to install and use, unfortunately require constant updating, not only to improve the content but also to keep the system secure. In this article, the authors focus on WordPress, although the approach can be applied to other systems as well. The article emphasises the importance of early detection of vulnerabilities to prevent potential cyber threats and their negative consequences. It proposes a model and a script designed to speed up the detection of vulnerabilities in WordPress applications. Automating the scanning process with a custom script makes it possible to detect vulnerabilities quickly, ensuring prompt fixes and updates. This approach not only strengthens security but also helps preserve the reputation of websites and brands, which is critical in today's digital environment.

Methods. Methods for analysing JavaScript-based web exploits were used, taking into account the general principles of their analysis and the methodologies for analysing web applications for vulnerabilities.

Results. An improved model for analysing a web application on the WordPress CMS is presented. It is based on a script that provides automated scanning of the web application by running the following utilities: NMAP, Dirb, Nikto, SQLMap, WPScan and PwnXSS. All results are recorded in a separate file for further study of all the security issues found in the web application.

Conclusions. The developed model and script should help developers and testers speed up the process of identifying vulnerabilities in WordPress, as they can run one script and get a voluminous and meaningful report of the identified vulnerabilities in a short time. This optimises vulnerability detection by automating the launch of scanners.

Published

2025-04-14

Issue

Section

Cybersecurity and information protection

How to Cite

JAVASCRIPT-BASED WEB EXPLOIT ANALYSIS MODEL. (2025). Information Systems and Technologies Security, 2(8), 17-25. https://doi.org/10.17721/ISTS.2024.8.17-25
