INFORMATION SYSTEMS. COMPUTER SCIENCES. ISSUES OF INFORMATION SECURITY
To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.
The paper addresses the development of technology for controlling access to digital portals and platforms based on assessments of personal characteristics of user behavior built into the interface. In distributed digital platforms and portals using personal data, big data is collected and processed using specialized applications using computer networks. In accordance with the law, the data is stored on internal corporate servers and data centers. Special attention is paid to the tasks of differentiation and control of access in modern information systems. Wide availability and mass scale of services should be accompanied by more careful control and user verification. Access control to such systems cannot be ensured only through technologies and information security tools; efficiency can be increased through software and hardware architectural solutions. The paper proposes to expand the currently developing SIEM technology (Security information and event management), which combines the concept of security event management and information security management, with blocks of user behavior analysis. As a characteristic that can be measured without overloading communication channels and is independent of the type of device used, the psychomotor reaction time is proposed, measured as the performance of actions with the interface. A technological solution has been developed for implementation in a wide range of digital platforms: banking, medical, educational, etc. The results of experimental research using a digital platform of mass psychological research are presented. For the research, data from a mass survey were used when answering (in the form of a choice from the available options) to questions about the level of education. Analysis of the reaction time data showed the possibility of standardization and the same indicators of specific users when answering different questions.
MODERN RADIO ENGINEERING AND TELECOMMUNICATION SYSTEMS
Electrical energy from power plants to industrial facilities and settlements is mostly transmitted by wire-connected air or underground lines covering vast territories. However, in some rare cases there is a need for wireless transmission of electrical power to objects located in hard-to-reach areas. The problem of wireless transmission of electrical energy will become especially urgent as space electric power industry based on the placement of solar power plants in outer space is being developed. In this regard, several countries are conducting studies on the problem of electrical energy transmission using both laser and microwave radiation. The fundamentals of building systems for wireless transmission of electrical energy over short distances using microwave radiation are considered. Two options for constructing such systems are analyzed and calculated: using parabolic antennas and using phased array antennas. For both options the main parameters of systems for wireless transmission of electrical energy at 200 m were calculated. In the first case, powerful microwave devices are used: a magnetron or a direct-flight klystron; in the second case, microwave powerful field-effect transistors. For the second option the summation of the powers of microwave generators by means of their mutual synchronization is proposed.
Antennas are one of the main elements of radio engineering systems. Phased antenna arrays (PAR), which make it possible to regulate the direction of radiation due to the ability to control the phases or phase differences of the emitted signal, are the most effective types of antennas. The size, design and shape of the PAR depend on the tasks to be solved, the type of emitters and the nature of their location. The article discusses the transformation of an equidistant PAR into a non-equidistant antenna array in order to reduce the level of side lobes and suppress diffraction maxima with a given minimum distance between the emitters. A model of a non-equidistant antenna array and calculation formulas for its analysis are presented. The method presented in the work based on iterative calculation methods makes it possible to select the main parameters of a non-equidistant PAR taking into account the bonds formed between neighboring radiating elements. The coordinates of the emitter elements of the non-equidistant PAR were calculated in a program using the MATLAB language. At the same time, a method was implemented to search for the optimal arrangement of emitters relative to each other, in which the directional pattern of the antenna array will have a minimum level of diffraction maxima and the required level of side lobe. According to the results of the program execution, the coordinates of the new non-equidistant PAR were obtained. The non-equidistant phased array antenna simulated according to the calculation results showed a complete absence of diffraction maxima, in contrast to the equidistant array, but it was not possible to sufficiently obtain the required level of side lobes. The calculated antenna radiation patterns presented for comparison showed the advantages of a non-equidistant antenn array.
MICRO- AND NANOELECTRONICS. CONDENSED MATTER PHYSICS
ANALYTICAL INSTRUMENT ENGINEERING AND TECHNOLOGY
MATHEMATICAL MODELING
ISSN 2500-316X (Online)