Abstract
The development of technologies leads to the expansion of the range of services provided on the Internet, the online business is actively developing. As a rule, when creating a new Web resource for business, the main emphasis is on the need to stand out among the sites of competitors. Often, the owners of Web resources understood the possible consequences of cyber-incident only after when their resource was attacked. This paper discusses the frequent causes of attacks of Web-applications created with the content management systems. A content management system allows to create sites without directly writing code. The main sources of information about frequent security problems of Web-resources are documents of organizations OWASP, SANS, Positive Technologies. Due to the high activity of intruders, it is necessary to create methods for assessing the security of the Web-application and methods for countering attacks. In the paper, the need to assess the probability of a successful attack of Web-applications is conditioned. In practice, it is impossible to determine all possible attack scenarios, because each Web-application has its own functionality. The frequent attack scenarios on which the tree was built are investigated. The method of estimating the probabilities of basic events using expert assessments based on the results of the preliminary implementation of a set of measures to identify the security problems is used. The developed method of assessing security allows to consider not only possible vulnerabilities in the source code, but also possible security policy violations. The proposed method can be applied by business entities working in the field of information security, when choosing security measures for a particular Web-application. A further direction of research is the development of a method for choosing countermeasures based on the described method. The method should demonstrate the effect of each countermeasure on the probability of a successful attack
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
