INFORMATION TECHNOLOGY OF SOFTWARE DATA SECURITY MONITORING

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.23.7184

Keywords:

application security; data monitoring; cross-site scripting; SQL injection; input validation; validation errors.

Abstract

The article presents an information technology for software data security monitoring whose aim is to raise the security of auxiliary and end-user software at run time. It relies on a designed universal architecture that supports synchronized data security validation in client-server interactions and integrates into software development technologies through unified interfaces for specifying extensible sets of validation rules. An analysis of the subject area established that software data security validation is required by well-known data security standards and that the related vulnerabilities are rated as highly important. It also established that the traditional monitoring of input data alone is insufficient, so security monitoring of the other categories of software data is a relevant problem. Existing tools for monitoring the security and correctness of software data are incomplete: they focus on particular categories of data, depend on a platform, integrate poorly with other software development tools, have limited applicability, are difficult or limited to extend, and make it hard to reuse well-known verified solutions. Based on this analysis of the existing monitoring tools, their shortcomings were identified and a universal architecture of a software framework was proposed as a solution. The vulnerabilities of the various categories of software data were analysed together with the recommended methods of implementing data security, and the identified methods were used in the proposed solution.
The article describes the structure of the proposed information technology, presents the universal architecture of the software framework, demonstrates the verification of the developed tool, and assesses the effectiveness of using the data security monitoring framework in software development. The proposed architecture and the planned directions of further improvement allow significant extension of the framework's functionality and easy integration into popular software development technologies. It is expected that the developed information technology of software data security monitoring will be used in commercial software development as well as in educational and scientific applications.
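As an added illustration of the architecture the abstract describes (this is example code, not code from the article or its framework): a small JavaScript rule engine in which the validation rule set is plain data, so the same rules are serialized to the client and evaluated again on the server, new rules can be registered without modifying the engine, and the engine is applied to a second category of data (loaded configuration) as well as to request input. All rule names, schemas and sample records below are constructed assumptions.

```javascript
// Added example, not code from the article or its framework: a minimal
// transport-neutral rule engine in which one declarative rule set is shared
// by client and server, can be extended at run time, and is applied to more
// than one category of data (request input and loaded configuration).
// All rule names, schemas and sample records are assumptions constructed
// for illustration.

// Rule implementations: a small registry present on both sides.
const RULES = {
  required: (v) => v !== undefined && v !== null && String(v).trim() !== '',
  maxLength: (v, n) => String(v).length <= n,
  // patterns are stored as strings so the schema survives JSON transport
  pattern: (v, re) => new RegExp(re).test(String(v)),
  integer: (v) => /^-?[0-9]+$/.test(String(v)),
  oneOf: (v, allowed) => allowed.includes(v),
};

// Rule sets are plain data (no functions), so the server can ship USER_SCHEMA
// to the browser and both ends evaluate exactly the same checks.
const USER_SCHEMA = {
  username: [['required'], ['maxLength', 32], ['pattern', '^[A-Za-z0-9_]+$']],
  email: [['required'], ['maxLength', 254], ['pattern', '^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$']],
  role: [['required'], ['oneOf', ['user', 'editor']]],   // allow-list, not deny-list
  pageSize: [['integer'], ['pattern', '^[1-9][0-9]?$|^100$']],
};

// Configuration is a second data category: values read from a file or the
// environment are validated with the same engine before they are used.
const CONFIG_SCHEMA = {
  dbHost: [['required'], ['pattern', '^[A-Za-z0-9.-]{1,253}$']],
  logLevel: [['required'], ['oneOf', ['error', 'warn', 'info', 'debug']]],
  maxUploadMb: [['required'], ['integer'], ['pattern', '^[0-9]{1,4}$']],
};

// Returns { ok, errors } where errors maps field -> first failing rule name.
function validate(schema, data, rules = RULES) {
  const errors = {};
  for (const [field, checks] of Object.entries(schema)) {
    const value = data[field];
    for (const [name, ...args] of checks) {
      const rule = rules[name];
      if (!rule) throw new Error(`unknown rule "${name}" for field "${field}"`);
      // optional field: an absent value skips the remaining rules
      if (name !== 'required' && (value === undefined || value === null)) break;
      if (!rule(value, ...args)) { errors[field] = name; break; }
    }
  }
  return { ok: Object.keys(errors).length === 0, errors };
}

// Server side: rebuild the schema from the serialized form the client received,
// so both ends are guaranteed to evaluate identical rules.
const WIRE_SCHEMA = JSON.stringify(USER_SCHEMA);   // what the server sends to the client
function serverValidateUser(serializedSchema, body) {
  return validate(JSON.parse(serializedSchema), body);
}

// Extension point: a caller registers a rule without touching the engine.
function withRule(name, fn) {
  return { ...RULES, [name]: fn };
}

// Constructed sample records.
const GOOD_USER = { username: 'alice', email: 'alice@example.com', role: 'user', pageSize: '25' };
const SQLI_USER = { username: "admin' OR '1'='1", email: 'x@example.com', role: 'user' };
const XSS_USER = { username: 'bob', email: '<img src=x onerror=alert(1)>@example.com', role: 'user' };
const PRIV_USER = { username: 'carol', email: 'carol@example.com', role: 'admin' }; // mass-assignment attempt
const GOOD_CONFIG = { dbHost: 'db.internal', logLevel: 'info', maxUploadMb: '50' };
const BAD_CONFIG = { dbHost: 'db.internal; rm -rf /', logLevel: 'INFO', maxUploadMb: '50' };

function demo() {
  return {
    clientGood: validate(USER_SCHEMA, GOOD_USER),
    serverGood: serverValidateUser(WIRE_SCHEMA, GOOD_USER),
    sqli: serverValidateUser(WIRE_SCHEMA, SQLI_USER),
    xss: serverValidateUser(WIRE_SCHEMA, XSS_USER),
    priv: serverValidateUser(WIRE_SCHEMA, PRIV_USER),
    config: validate(CONFIG_SCHEMA, GOOD_CONFIG),
    badConfig: validate(CONFIG_SCHEMA, BAD_CONFIG),
    // a stricter rule only the server registers, added without changing the engine
    extended: validate({ username: [['startsWithLetter']] }, GOOD_USER,
                       withRule('startsWithLetter', (v) => /^[A-Za-z]/.test(String(v)))),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The injection and script samples are rejected because they fail an allow-list pattern, not because the engine recognises attack syntax; parameterized queries and output encoding remain necessary on the server regardless of what the client validated, which is why the server re-evaluates the same serialized schema instead of trusting the client's verdict.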


Published

2024-03-28

How to Cite

Kupershtein, L., Lutsyshyn, H., & Krentsin, M. (2024). INFORMATION TECHNOLOGY OF SOFTWARE DATA SECURITY MONITORING. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(23), 71–84. https://doi.org/10.28925/2663-4023.2024.23.7184