<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">bsuir</journal-id><journal-title-group><journal-title xml:lang="ru">Доклады БГУИР</journal-title><trans-title-group xml:lang="en"><trans-title>Doklady BGUIR</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1729-7648</issn><issn pub-type="epub">2708-0382</issn><publisher><publisher-name>БГУИР</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">bsuir-605</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Статьи</subject></subj-group></article-categories><title-group><article-title>МОДЕЛЬ ОБНАРУЖЕНИЯ УЯЗВИМОСТЕЙ В WEB-ПРИЛОЖЕНИЯХ</article-title><trans-title-group xml:lang="en"><trans-title>A web-application vulnerability detection model</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бахтизин</surname><given-names>В. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Bakhtizin</surname><given-names>V. V.</given-names></name></name-alternatives><email xlink:type="simple">noemail@neicon.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Оношко</surname><given-names>Д. Е.</given-names></name><name name-style="western" xml:lang="en"><surname>Onoshko</surname><given-names>D. E.</given-names></name></name-alternatives><email xlink:type="simple">noemail@neicon.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group>
<aff xml:lang="ru" id="aff-1"><institution>Белорусский государственный университет информатики и радиоэлектроники</institution><country>Belarus</country></aff><pub-date pub-type="collection"><year>2016</year></pub-date><pub-date pub-type="epub"><day>03</day><month>06</month><year>2019</year></pub-date><volume>0</volume><issue>1</issue><fpage>5</fpage><lpage>11</lpage><permissions><copyright-statement>Copyright &#x00A9; Бахтизин В.В., Оношко Д.Е., 2019</copyright-statement><copyright-year>2019</copyright-year><copyright-holder xml:lang="ru">Бахтизин В.В., Оношко Д.Е.</copyright-holder><copyright-holder xml:lang="en">Bakhtizin V.V., Onoshko D.E.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://doklady.bsuir.by/jour/article/view/605">https://doklady.bsuir.by/jour/article/view/605</self-uri><abstract><p>Предложена модель обнаружения уязвимостей в web-приложениях, основанная на статическом анализе исходных кодов. Приводится описание положенной в основу модели системы оценок. Рассматриваются способы расширения модели для некоторых сложных случаев ее применения.</p></abstract><trans-abstract xml:lang="en"><p>A web-application vulnerability detection model based on static analysis of source code is proposed. The evaluation system used by the vulnerability detection model is described.
Several ways of extending the model for certain difficult cases are shown.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>статический анализ</kwd><kwd>уязвимость</kwd></kwd-group><kwd-group xml:lang="en"><kwd>web application</kwd><kwd>SQL injection</kwd></kwd-group></article-meta></front>
<back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">OWASP Top 10-2013. The Ten Most Critical Web Application Security Risks. [Электронный ресурс]. - Режим доступа: http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf. - Дата доступа: 31.10.2013.</mixed-citation><mixed-citation xml:lang="en">OWASP Top 10-2013. The Ten Most Critical Web Application Security Risks. [Electronic resource]. - Available at: http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf. - Accessed: 31.10.2013.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Фаулер М. Архитектура корпоративных программных приложений. М., 2006.</mixed-citation><mixed-citation xml:lang="en">Fowler M. Architecture of Enterprise Software Applications (in Russian). Moscow, 2006.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Patrick Cousot, Radhia Cousot // Conference Record of the Fourth ACM Symposium on Principles of Programming Languages. Los Angeles, California, USA, January, 1977. P. 238-252</mixed-citation><mixed-citation xml:lang="en">Patrick Cousot, Radhia Cousot // Conference Record of the Fourth ACM Symposium on Principles of Programming Languages. Los Angeles, California, USA, January, 1977. P. 238-252</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Making Wrong Code Look Wrong - Joel on Software. [Электронный ресурс]. - Режим доступа: http://www.joelonsoftware.com/articles/Wrong.html. - Дата доступа: 21.12.2014.</mixed-citation><mixed-citation xml:lang="en">Making Wrong Code Look Wrong - Joel on Software. [Electronic resource]. - Available at: http://www.joelonsoftware.com/articles/Wrong.html. - Accessed: 21.12.2014.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
