<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mireabulletin</journal-id><journal-title-group><journal-title xml:lang="ru">Russian Technological Journal</journal-title><trans-title-group xml:lang="en"><trans-title>Russian Technological Journal</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2782-3210</issn><issn pub-type="epub">2500-316X</issn><publisher><publisher-name>RTU MIREA</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.32362/2500-316X-2020-8-6-9-33</article-id><article-id custom-type="elpub" pub-id-type="custom">mireabulletin-255</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ СИСТЕМЫ. ИНФОРМАТИКА. ПРОБЛЕМЫ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION SYSTEMS. COMPUTER SCIENCES. ISSUES OF INFORMATION SECURITY</subject></subj-group></article-categories><title-group><article-title>Модели и сценарии реализации угроз для интернет-ресурсов</article-title><trans-title-group xml:lang="en"><trans-title>Models and scenarios of implementation of threats for internet resources</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-6641-1609</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Лесько</surname><given-names>С. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Lesko</surname><given-names>S. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Лесько Сергей Александрович, кандидат технических наук, доцент кафедры «Прикладные информационные технологии» Института комплексной безопасности и специального приборостроения</p><p>119454, Москва, пр-т Вернадского, д. 78</p><p>Scopus Author ID: 57189664364</p></bio><bio xml:lang="en"><p>Sergey A. Lesko, Cand. Sci. (Engineering), Associate Professor of the Department «Applied information technology», Institute of Integrated Security and Special Instrumentation</p><p>78, Vernadskogo pr., Moscow 119454</p><p>Scopus Author ID: 57189664364</p></bio><email xlink:type="simple">lesko@mirea.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>МИРЭА – Российский технологический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>MIREA – Russian Technological University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2020</year></pub-date><pub-date pub-type="epub"><day>17</day><month>12</month><year>2020</year></pub-date><volume>8</volume><issue>6</issue><fpage>9</fpage><lpage>33</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Лесько С.А., 2020</copyright-statement><copyright-year>2020</copyright-year><copyright-holder xml:lang="ru">Лесько С.А.</copyright-holder><copyright-holder xml:lang="en">Lesko S.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.rtj-mirea.ru/jour/article/view/255">https://www.rtj-mirea.ru/jour/article/view/255</self-uri><abstract><p>Для облегчения обнаружения различных уязвимостей существует множество различных инструментов (сканеров), которые могут помочь в анализе безопасности веб-приложений и облегчить разработку их защиты. Но данные инструменты в большинстве своём могут только идентифицировать проблемы и не способны устранять их. Поэтому знания разработчика безопасности являются ключевым фактором при построении безопасного веб-ресурса. Для устранения проблем безопасности приложений разработчики должны знать все пути и векторы проведения различных атак для того, чтобы иметь возможность разрабатывать различные механизмы защиты. В данном обзоре рассмотрены две из наиболее опасных уязвимостей в сфере веб-технологий: SQL-инъекции и XSS-атаки (межсайтовый скриптинг, англ. CrossSite Scripting - XSS), а также конкретные случаи и примеры их применения, различные подходы к выявлению уязвимостей в приложениях и предотвращению угроз. Межсайтовый скриптинг также, как и атаки SQL-инъекций, связан с проверкой входных данных. Механизмы этих атак очень схожи, но в XSS-атаках жертвой является сам пользователь, а в атаках SQL-инъекцией – сервер базы данных (БД) веб-приложения. При XSS-атаках вредоносный контент доставляется пользователям с использованием языка программирования, выполняемого на стороне клиента, такого как JavaScript, а при использовании SQL-инъекции используется язык запросов к БД SQL. При этом XSS-атаки, в отличие от SQL-инъекций, наносят вред исключительно клиентской стороне, оставляя сервер приложения в рабочем состоянии. Разработчики должны разрабатывать защиту, как для серверных составляющих, так и для клиентской части веб-приложения.</p></abstract><trans-abstract xml:lang="en"><p>To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>компьютерная и сетевая безопасность</kwd><kwd>модели и сценарии угроз</kwd><kwd>интернет-ресурсы</kwd><kwd>SQL-инъекции</kwd><kwd>XSS-атаки (межсайтовый скриптинг)</kwd></kwd-group><kwd-group xml:lang="en"><kwd>computer and network security</kwd><kwd>threat models and scenarios</kwd><kwd>Internet resources</kwd><kwd>SQL injections</kwd><kwd>XSS attacks (crossite scripting)</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Kaur D., Kaur P. Empirical Analysis of Web Attacks. Procedia Computer Science. 2016;78:298-306. https://doi.org/10.1016/j.procs.2016.02.057</mixed-citation><mixed-citation xml:lang="en">Kaur D., Kaur P. Empirical Analysis of Web Attacks. Procedia Computer Science. 2016;78:298-306. https://doi.org/10.1016/j.procs.2016.02.057</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Nagpal B., Chauhan N., Singh N. A Survey on the detection of SQL injection attacks and their countermeasures. J. Inf. Process. Syst. 2017;13(4):689-702. https://doi.org/10.3745/JIPS.03.0024</mixed-citation><mixed-citation xml:lang="en">Nagpal B., Chauhan N., Singh N. A Survey on the detection of SQL injection attacks and their countermeasures. J. Inf. Process. Syst. 2017;13(4):689-702. https://doi.org/10.3745/JIPS.03.0024</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Wang K. and Hou Y. Detection method of SQL injection attack in cloud computing environment. In: 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). P. 487-493. https://doi.org/10.1109/IMCEC.2016.7867260</mixed-citation><mixed-citation xml:lang="en">Wang K. and Hou Y. Detection method of SQL injection attack in cloud computing environment. In: 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). P. 487-493. https://doi.org/10.1109/IMCEC.2016.7867260</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Hu H. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system. In: 2017 AIP Conference Proceedings. 2017;1839(1):020205. https://doi.org/10.1063/1.4982570</mixed-citation><mixed-citation xml:lang="en">Hu H. Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system. In: 2017 AIP Conference Proceedings. 2017;1839(1):020205. https://doi.org/10.1063/1.4982570</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Lounis O., Guermeche S.E.B., Saoudi L., Benaicha S.E. A new algorithm for detecting SQL injection attack in Web application. In: 2014 Science and Information Conference (SAI) 2014. P. 589-594. https://doi.org/10.1109/SAI.2014.6918246</mixed-citation><mixed-citation xml:lang="en">Lounis O., Guermeche S.E.B., Saoudi L., Benaicha S.E. A new algorithm for detecting SQL injection attack in Web application. In: 2014 Science and Information Conference (SAI) 2014. P. 589-594. https://doi.org/10.1109/SAI.2014.6918246</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Voitovych O.P., Yuvkovetskyi O.S., Kupershtein L.M. SQL injection prevention system. In (2016) International Conference Radio Electronics &amp; Info Communications (UkrMiCo) 2016. P. 1-4. https://doi.org/10.1109/UkrMiCo.2016.7739642</mixed-citation><mixed-citation xml:lang="en">Voitovych O.P., Yuvkovetskyi O.S., Kupershtein L.M. SQL injection prevention system. In (2016) International Conference Radio Electronics &amp; Info Communications (UkrMiCo) 2016. P. 1-4. https://doi.org/10.1109/UkrMiCo.2016.7739642</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Razzaq A., Anwar Z., Ahmad H.F., Latif K., Munir F. Ontology for attack detection: An intelligent approach to Web application security. Computers &amp; Security. 2014;45:124-146. https://doi.org/10.1016/j.cose.2014.05.005</mixed-citation><mixed-citation xml:lang="en">Razzaq A., Anwar Z., Ahmad H.F., Latif K., Munir F. Ontology for attack detection: An intelligent approach to Web application security. Computers &amp; Security. 2014;45:124-146. https://doi.org/10.1016/j.cose.2014.05.005</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Vibhandik R., Bose A.K. Vulnerability assessment of Web applications – a testing approach. In: Forth International Conference on e-Technologies and Networks for Development (ICeND). 2015. P. 16-21. https://doi.org/10.1109/ICeND.2015.7328531</mixed-citation><mixed-citation xml:lang="en">Vibhandik R., Bose A.K. Vulnerability assessment of Web applications – a testing approach. In: Forth International Conference on e-Technologies and Networks for Development (ICeND). 2015. P. 16-21. https://doi.org/10.1109/ICeND.2015.7328531</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Sahu D.R., Tomar D.S. Analysis of Web application code vulnerabilities using secure coding standards. Arab. J. Sci. Eng. 2017;42(2):885-895. https://doi.org/10.1007/s13369-016-2362-5</mixed-citation><mixed-citation xml:lang="en">Sahu D.R., Tomar D.S. Analysis of Web application code vulnerabilities using secure coding standards. Arab. J. Sci. Eng. 2017;42(2):885-895. https://doi.org/10.1007/s13369-016-2362-5</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Shar L.K., Tan H.B.K. Predicting SQL injection and Cross site scripting vulnerabilities through mining input sanitization patterns. Inform. Software Tech. 2013;55(10):1767-1780. http://dx.doi.org/10.1016/j.infsof.2013.04.002</mixed-citation><mixed-citation xml:lang="en">Shar L.K., Tan H.B.K. Predicting SQL injection and Cross site scripting vulnerabilities through mining input sanitization patterns. Inform. Software Tech. 2013;55(10):1767-1780. http://dx.doi.org/10.1016/j.infsof.2013.04.002</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Canfora G., Visaggio C.A. A set of features to detect Web security threats. Journal of Computer Virology and Hacking Techniques. 2016;12(4):243-261. https://doi.org/10.1007/s11416-016-0266-2</mixed-citation><mixed-citation xml:lang="en">Canfora G., Visaggio C.A. A set of features to detect Web security threats. Journal of Computer Virology and Hacking Techniques. 2016;12(4):243-261. https://doi.org/10.1007/s11416-016-0266-2</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Wang C.-H., Zhou Y.-S. A new Cross-Site scripting detection mechanism integrated with HTML5 and CORS properties by using browser extensions. In: International Computer Symposium (ICS). 2016. P. 264-269. https://doi.org/10.1109/ICS.2016.0060</mixed-citation><mixed-citation xml:lang="en">Wang C.-H., Zhou Y.-S. A new Cross-Site scripting detection mechanism integrated with HTML5 and CORS properties by using browser extensions. In: International Computer Symposium (ICS). 2016. P. 264-269. https://doi.org/10.1109/ICS.2016.0060</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Alvarez E.D., Correa B.D., Arango I.F. An analysis of XSS, CSRF and SQL injection in colombian software and web site development. In: 8th Euro American Conference on Telematics and Information Systems (EATIS). 2016. P. 1-5. https://doi.org/10.1109/EATIS.2016.7520140</mixed-citation><mixed-citation xml:lang="en">Alvarez E.D., Correa B.D., Arango I.F. An analysis of XSS, CSRF and SQL injection in colombian software and web site development. In: 8th Euro American Conference on Telematics and Information Systems (EATIS). 2016. P. 1-5. https://doi.org/10.1109/EATIS.2016.7520140</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Gupta S., Gupta B. B. Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications. Procedia Computer Science. 2016;78:82-87. https://doi.org/10.1016/j.procs.2016.02.014</mixed-citation><mixed-citation xml:lang="en">Gupta S., Gupta B. B. Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications. Procedia Computer Science. 2016;78:82-87. https://doi.org/10.1016/j.procs.2016.02.014</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Vishnu B.A., Jevitha K.P. Prediction of Cross-Site Scripting Attack Using Machine Learning Algorithms. In: Procc. International Conference on Interdisciplinary Advances in Applied Computing 2014 (ICONIAAC '14). Article 55. https://doi.org/10.1145/2660859.2660969</mixed-citation><mixed-citation xml:lang="en">Vishnu B.A., Jevitha K.P. Prediction of Cross-Site Scripting Attack Using Machine Learning Algorithms. In: Procc. International Conference on Interdisciplinary Advances in Applied Computing 2014 (ICONIAAC '14). Article 55. https://doi.org/10.1145/2660859.2660969</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Shrivastava A., Choudhary S., Kumar A. XSS vulnerability assessment and prevention in web application. In: 2nd International Conference on Next Generation Computing Technologies (NGCT-2016). P. 850-853. https://doi.org/10.1109/NGCT.2016.7877529</mixed-citation><mixed-citation xml:lang="en">Shrivastava A., Choudhary S., Kumar A. XSS vulnerability assessment and prevention in web application. In: 2nd International Conference on Next Generation Computing Technologies (NGCT-2016). P. 850-853. https://doi.org/10.1109/NGCT.2016.7877529</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Sivakorn S., Keromytis A.D., Polakis J. That's the way the Cookie crumbles: Evaluating HTTPS enforcing mechanisms. In: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society (WPES '16). P. 71-81. http://dx.doi.org/10.1145/2994620.2994638</mixed-citation><mixed-citation xml:lang="en">Sivakorn S., Keromytis A.D., Polakis J. That's the way the Cookie crumbles: Evaluating HTTPS enforcing mechanisms. In: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society (WPES '16). P. 71-81. http://dx.doi.org/10.1145/2994620.2994638</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Wang R., Xu G., Zeng X., Li X., Feng Z. TT-XSS: A novel taint tracking based dynamic detection framework for DOM Cross-Site Scripting. J. Parallel Distrib. Comput. 2017;118(1):100-106. https://doi.org/10.1016/j.jpdc.2017.07.006</mixed-citation><mixed-citation xml:lang="en">Wang R., Xu G., Zeng X., Li X., Feng Z. TT-XSS: A novel taint tracking based dynamic detection framework for DOM Cross-Site Scripting. J. Parallel Distrib. Comput. 2017;118(1):100-106. https://doi.org/10.1016/j.jpdc.2017.07.006</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Zalbina M.R., Septian T.W., Stiawan D., Idris M.Y., Heryanto A., Budiarto R. Payload recognition and detection of Cross Site Scripting attack. In: 2nd International Conference on Anti-Cyber Crimes (ICACC-17). 2017. P. 172-176. https://doi.org/10.1109/Anti-Cybercrime.2017.7905285</mixed-citation><mixed-citation xml:lang="en">Zalbina M.R., Septian T.W., Stiawan D., Idris M.Y., Heryanto A., Budiarto R. Payload recognition and detection of Cross Site Scripting attack. In: 2nd International Conference on Anti-Cyber Crimes (ICACC-17). 2017. P. 172-176. https://doi.org/10.1109/Anti-Cybercrime.2017.7905285</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Jerkovic H., Vranesic P., Dadic S. Securing web content and services in open source content management systems. In: 39th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) 2016. P. 1402-1407. https://doi.org/10.1109/MIPRO.2016.7522359</mixed-citation><mixed-citation xml:lang="en">Jerkovic H., Vranesic P., Dadic S. Securing web content and services in open source content management systems. In: 39th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) 2016. P. 1402-1407. https://doi.org/10.1109/MIPRO.2016.7522359</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Zhang S., Wang W., Chen Z., Gu H., Liu J., Wang C. A web page malicious script detection system. In: 3rd International Conference on Cloud Computing and Intelligence Systems. IEEE 2014. P. 394-399. https://doi.org/10.1109/CCIS.2014.7175767</mixed-citation><mixed-citation xml:lang="en">Zhang S., Wang W., Chen Z., Gu H., Liu J., Wang C. A web page malicious script detection system. In: 3rd International Conference on Cloud Computing and Intelligence Systems. IEEE 2014. P. 394-399. https://doi.org/10.1109/CCIS.2014.7175767</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Rexha B., Halili A., Rrmoku K., Imeraj D. Impact of secure programming on web application vulnerabilities. In: International Conference on Computer Graphics, Vision and Information Security (CGVIS). 2015 IEEE. P. 61-66. https://doi.org/10.1109/cgvis.2015.7449894</mixed-citation><mixed-citation xml:lang="en">Rexha B., Halili A., Rrmoku K., Imeraj D. Impact of secure programming on web application vulnerabilities. In: International Conference on Computer Graphics, Vision and Information Security (CGVIS). 2015 IEEE. P. 61-66. https://doi.org/10.1109/cgvis.2015.7449894</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Filipe R., Araujo F. Client-side monitoring techniques for web sites. In: 15th International Symposium on Network Computing and Applications (NCA). 2016 IEEE. P. 363-366. https://doi.org/10.1109/NCA.2016.7778642</mixed-citation><mixed-citation xml:lang="en">Filipe R., Araujo F. Client-side monitoring techniques for web sites. In: 15th International Symposium on Network Computing and Applications (NCA). 2016 IEEE. P. 363-366. https://doi.org/10.1109/NCA.2016.7778642</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">Zachara M. Identification of scanning and attacks against web applications with graph-based modeling of users' behavior. In: 3rd IEEE International Conference on Cybernetics 2017 (CYBCONF). 8 p. https://doi.org/10.1109/CYBConf.2017.7985783</mixed-citation><mixed-citation xml:lang="en">Zachara M. Identification of scanning and attacks against web applications with graph-based modeling of users' behavior. In: 3rd IEEE International Conference on Cybernetics 2017 (CYBCONF). 8 p. https://doi.org/10.1109/CYBConf.2017.7985783</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Jemi Hazel J., Valarmathie P., Saravanan R. Guarding web application with multi-angled attack detection. In: International Conference on Soft-Computing and Network Security (ICSNS -2015). 4 p. https://doi.org/10.1109/ICSNS.2015.729238</mixed-citation><mixed-citation xml:lang="en">Jemi Hazel J., Valarmathie P., Saravanan R. Guarding web application with multi-angled attack detection. In: International Conference on Soft-Computing and Network Security (ICSNS -2015). 4 p. https://doi.org/10.1109/ICSNS.2015.729238</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
