JAVASCRIPT SECURITY USING CRYPTOGRAPHIC HASH FUNCTIONS

Abstract

The subject of this research is the development of methods of protection against attacks on third-party JavaScript and the document object model (DOM). The purpose of the article is to develop an algorithm and determine the effectiveness of using cryptographic hash functions as one of the methods of protection against attacks on third-party JavaScript resources. The third-party JavaScript code download chain may consist of three or four third-party websites. From a security point of view, this creates a risk of attack on a third-party resource. If the attacker compromises one of the third-party resources, this will affect the entire chain using this resource. Based on these conditions, it is indispensable to solve the following tasks : to develop a secure algorithm for hash functions for protecting applications in JavaScript, which will constantly monitor changes that occur on a web page; determine the advantages and disadvantages of the method in real operating conditions. In the process of the study, the following results were obtained: the problems of writing safe code in JS were considered, the algorithm for using cryptographic hash functions was proposed, the essence of which is that the hash is calculated at the first moment of loading a third-party resource. Each time a third-party resource is loaded, the algorithm calculates its hash and compares it with the value of the first hash. It is established that cryptographic hash functions on the example of sha384 have the property of an avalanche effect. It is recommended to use this method for web pages with mission-critical operations, such as payment pages, registration, password reset or account login. Their strengths and weaknesses were also revealed in the process of improving the JavaScript protection method.