СУЧАСНІ ТЕХНОЛОГІЇ ТЕСТУВАННЯ І ЗАХИСТУ ВЕБ-СТОРІНОК

The use of web-pages in almost all spheres of modern society results in the need for improvement of their quality both in terms of content completeness and convenience and security. An analysis of current threats to the security of web-pages allowed to distinguish the following: Injection; Broken Authentication; Sensitive Data Exposure; XML External Entities; Broken Access Control; Security Misconfiguration; Cross-Site Scripting; Insecure Deserialization; Using Components with Known Vulnerabilities; Insufficient Logging & Monitoring. Methods to prevent the listed threats have been analyzed. It is recommended to scan websites for vulnerabilities with such scaners as Scan My Server, SUCURI, Qualys SSL Labs, Qualys FreeScan, Quttera, Detectify, SiteGuarding, Web Inspector, Acunetix, Netsparker Cloud, UpGuard Web Scan, Tinfoil Security, Observatory.