A new method of security development for web services based on moving target defense (MTD) technolo- gies

Download article in PDF format

Authors: Styugin M. A.

Annotation: This article describes a new method of security development for web services based on moving target defense (MTD) technologies. This method addresses the security of websites from attackers that employ SQL-injection, cross-site scripting, etc. The system interaction is built so that when the adversary tries to investigate the system structure, he obtains ever-increasing complexity of information from the system. These technologies allow us to defend websites from users with malicious intent and to research the behavior of those attackers. Researching the behavior of such intruders affords us the opportunity to find new vulnerabilities. This paper provides the examples of these technologies.

Keywords: information security, moving target defense, sql-injection, protection from research

Editorial office address

Executive Secretary of the Editor’s Office

 Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia

  Phone / Fax: + 7 (3822) 701-582

  journal@tusur.ru

 

Viktor N. Maslennikov

Executive Secretary of the Editor’s Office

 Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia

  Phone / Fax: + 7 (3822) 51-21-21 / 51-43-02

  vnmas@tusur.ru

Subscription for updates