CYBERSECURITY ANALYSIS OF WEB-ORIENTED INDUSTRIAL IOT-SYSTEMS
DOI:
https://doi.org/10.30837/ITSSI.2023.24.131Keywords:
cyber security; IoT; Industry 4.0; web-oriented systems; web-application security; detection of vulnerabilities; detection of web attacksAbstract
In modern world cybersecurity ensuring is one of the most crucial issues, especially in the context of the dynamic development of web-oriented industrial Internet of Things (IoT) systems. The subject of research of the paper is cybersecurity ensuring of web-oriented industrial IoT systems. The purpose of the paper is to analyze existing methods of cybersecurity analysis, identify limitations, and formulate requirements for a new assessment concept, which includes ways to eliminate identified limitations. Tasks to be solved: analysis of existing methods, tools and technologies for the organization of web-oriented industrial IoT systems and the problems of ensuring their cyber security. Applied methods: source analysis, system analysis. Obtained results: The analysis of sources has shown that the problems of industrial IoT systems cybersecurity ensuring are relevant due to the use in one system of both the latest information technologies (IT) and traditional operational technologies (OT), such as industrial protocols, etc. In addition, the ever-increasing number and types of attacks aimed specifically at industrial IoT systems are additional drivers for the further development of the cybersecurity assessing and ensuring methods. A generalized concept of the cybersecurity assessing and ensuring process of web-oriented industrial IoT systems is proposed, which includes the stages of identification, analysis, security enhancement, detection and protection. Conclusions: The issue of the cybersecurity ensuring of the web-oriented industrial IoT systems is extremely relevant, and the existing analysis methods and ensuring means do not fully satisfy the existing requirements for such systems. That is why the development and implementation of the proposed concept of cybersecurity assessing and ensuring will allow to significantly influence the improvement of industrial IoT systems cybersecurity.
References
Список літератури
García-Valls M., Dubey A., Botti V. Introducing the new paradigm of Social Dispersed Computing: Applications, Technologies and Challenges. Journal of Systems Architecture. 2018. № 91. P. 83–102. DOI: https://doi.org/10.1016/j.sysarc.2018.05.007
W3C. The World Wide Web Consortium. The World Wide Web Consortium. 2021. URL: www.w3.org (дата звернення 30.05.2022).
Fielding R., Gettys J., Mogul J., Frystyk H., Masinter L., Leach P., Berners-Lee T. HyperText Transfer Protocol v1.1 HTTP (RFC 2616). The Internet Society: Reston, VA, USA. 1999. URL: https://datatracker.ietf.org/doc/html/rfc2616
Rescorla E. HTTP over TLS, RFC 1818. Internet Engineering Task Force. 2000. URL: https://datatracker.ietf.org/doc/rfc2818/
Fielding R. T. Representational State Transfer (REST). Architectural Styles and the Design of Network-based Software Architectures. University of California, Irvine. CA, USA. 2000. Vol. 5. P. 76–147. URL: https://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
Pedreira V., Barros D., Pinto P. A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 with New Challenges on Data Sovereignty Ahead, Sensors. MDPI Journals, Sensors. 2021. Vol. 21(15). № 5189. DOI: https://doi.org/10.3390/s21155189
García-Valls M., Song L. Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities. MDPI Journals, Sensors. 2022. Vol. 22. № 5004. DOI: https://doi.org/10.3390/s22135004
Fang Z., Fu H., Gu T., Qian Z., Jaeger T., Hu P., Mohapatra P. A model checking-based security analysis framework for IoT systems. Journal of High-Confidence Computing. 2021. № 100004. DOI: https://doi.org/10.1016/j.hcc.2021.100004
Sarwar A., Alnajim A., Marwat S. N. K., Ahmed S., Alyahya S., Khan W. U. Enhanced Anomaly Detection System for IoT Based on Improved Dynamic SBPSO. MDPI Journals, Sensors. 2022. Vol. 22. № 4926. DOI: https://doi.org/10.3390/s22134926
Ervural B. C., Ervural B. Overview of Cyber Security in the Industry 4.0 Era. Managing The Digital Transformation. 2017. P. 267–284. DOI: https://doi.org/10.1007/978-3-319-57870-5_16
Alaoui R. L., Nfaoui E. H. Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review. MDPI Journals, Future Internet. 2022. Vol. 14. № 118. DOI: https://doi.org/10.3390/fi14040118
Al-Garadi M. A., Mohamed A., Al-Ali A. K., Guizani M., et al. A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security. IEEE Internet of Things Journal. 2020. № 19890478. DOI: https://doi.org/10.1109/COMST.2020.2988293
Shahid J., Hameed M. K., Javed I. T., Qureshi K. N., Ali M., Crespi N. A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. MDPI Journals, Applied Sciences. 2022. Vol. 12. № 4077. DOI: https://doi.org/10.3390/app12084077
Pathak G., Gutierrez J., Ghobakhlou A., Rehman S. U. LPWAN Key Exchange: A Centralised Lightweight Approach. MDPI Journals, Sensors. 2022. Vol. 22. № 5065. DOI: https://doi.org/10.3390/s22135065
Surej H. I., Ma M., Su R. A FeedForward–Convolutional Neural Network to Detect Low-Rate DoS in IoT. Engineering Applications of Artificial Intelligence. 2022. Vol. 114. № 105059. DOI: https://doi.org/10.1016/j.engappai.2022.105059
Ferrer B. R., Mohammed W. M., Chen E., Martinez Lastra J. L. Connecting Web-Based IoT Devices to a CloudBased Manufacturing Platform. IEEE Internet of Things Journal. 2017. № 17431808. DOI: https://doi.org/10.1109/IECON.2017.8217516
Aazam M., Zeadally S., Harras K. A. Deploying Fog Computing in Industrial Internet of Things and Industry 4.0. IEEE Internet of Things Journal. 2018. № 18133157. DOI: https://doi.org/10.1109/TII.2018.2855198
Kabla H., Anbar M., Manickam S., Al-Amiedy T. A., Cruspe P. B., Al-Ani A. K., Karuppayah S. Applicability of Intrusion Detection System on Ethereum Attacks: A Comprehensive Review. IEEE Access Journal. 2022. Vol. 10. № 21863800. DOI: https://doi.org/10.1109/ACCESS.2022.3188637
Gupta A. The IoT Hacker’s Handbook. Apress Berkeley. CA, 2019. 320 p. DOI: https://doi.org/10.1007/978-1-4842-4300-8
Doupé A., Cova M., Vigna G. Why Johnny can’t pentest: An analysis of black-box web vulnerability scanners. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany. 2010. Springer: Berlin/Heidelberg. Germany. 2010. P. 111–131. DOI: https://doi.org/10.1007/978-3-642-14215-4_7
Bau J., Bursztein E., Gupta D., Mitchell J. State of the Art: Automated Black-Box Web Application Vulnerability Testing. IEEE Symposium on Security and Privacy. Oakland. CA. USA. 2010. P. 332–345. DOI: https://doi.org/10.1109/SP.2010.27
Parvez M., Zavarsky P., Khoury N. Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities. IEEE: Piscataway. NJ. USA. 2015. P. 186–191. DOI: https://doi.org/10.1109/ICITST.2015.7412085
Suteva N., Zlatkovski D., Mileva A. Evaluation and testing of several free/open source web vulnerability scanners. Conference for Informatics and Information Technology (CIIT 2013). Bitola. Macedonia. 2013. Р. 221–224. URL: https://www.researchgate.net/publication/261033249_Evaluation_and_Testing_of_Several_FreeOpen_Source_Web_Vulnerability_Scanners
Idrissi S., Berbiche N., Guerouate F., Shibi M. Performance evaluation of web application security scanners for prevention and protection against vulnerabilities. International Journal of Applied Engineering Research. 2017. Vol. 12. № 21. P. 11068–11076. URL: https://www.ripublication.com/ijaer17/ijaerv12n21_76.pdf
Momeni E., Cardie C., Diakopoulos N. A survey on assessment and ranking methodologies for user-generated content on the web. ACM Comput. Surv. (CSUR). 2015. Vol. 48(3). Р. 1–49. DOI: https://doi.org/10.1145/2811282
Kumar M., Majithia S., Bhushan S. An Efficient Model for Web Vulnerabilities Detection based on Probabilistic Classification. Int. J. Technol. Comput. (IJTC). Techlive Solut. 2016. P. 50–58. URL: www.semanticscholar.org/paper/An-Efficient-Model-for-Web-Vulnerabilities-based-on-Kumar-Majithia/f09ddc0501358e234a5f8e9ebec359beb91db8f1 (дата звернення 12.04.2022).
Raj G., Mahajan M., Singh D. Security testing for monitoring web service using Cloud. IEEE: Piscataway. NJ, USA. 2018. № 18043392. P. 316–321. DOI: https://doi.org/10.1109/ICACCE.2018.8441734
Ahmed M., Adil M., Latif S. Web application prototype: State-of-art survey evaluation. IEEE: Piscataway. NJ, USA. 2015. № 15756740. P. 19–24. DOI: https://doi.org/10.1109/NSEC.2015.7396339
Hasan A., Meva D. Web Application Safety by Penetration Testing. Int. J. Adv. Stud. Sci. Res. 2018. URL: www.academia.edu/38248493/Web_Application_Safety_by_Penetration_Testing (дата звернення 12.04.2022).
Mohammed R. Assessment of Web Scanner Tools. Int. J. Comput. Appl. 2016. Vol. 133(5). Р. 1–4. DOI: https://doi.org/10.5120/ijca2016907794
Curphey M., Arawo R. Web application security assessment tools. IEEE Secur. Priv. 2006. Vol. 4. P. 32–41. DOI: https://doi.org/10.1109/MSP.2006.108
Fang Y., Long X., Liu L., Huang C. DarkHunter: A fingerprint recognition model for web automated scanners based on CNN. 2nd International Conference on Cryptography, Security and Privacy. Guiyang, China. 2018. ACM: New York, NY, USA. 2018. P. 10–15. DOI: https://doi.org/10.1145/3199478.3199504
Alsaleh M., Alomar N., Alshreef M., Alarifi A., Al-Salman A. Performance-based comparative assessment of open source web vulnerability scanners. Secur. Commun. Netw. 2017. URL: www.hindawi.com/journals/scn/2017/6158107 (дата звернення 12.04. 2022).
Terry M., Oigiagbe O. D., Acharya S. A comprehensive security assessment toolkit for healthcare systems. Colonial Academic Alliance Undergraduate Research Journal. 2015. Vol. 4. P. 1–6. URL: https://scholarworks.wm.edu/caaurj/vol4/iss1/6
Furrer F. J. Safety and Security of Cyber-Physical Systems. Engineering dependable Software using Principle-based Development. 2022. 521 р. DOI: https://doi.org/10.1007/978-3-658-37182-1
Wu D., Ren A., Zhang W., Fan F., Liu P., Fu X., Terpenny J. Cybersecurity for digital manufacturing. J. Manuf. Syst. 2018. Vol. 48. P. 3–12. DOI: https://doi.org/10.1016/j.jmsy.2018.03.006
Bublil S., Kessler A. How Industrial IoT could Trigger the Next Cyber Catastrophe. 2020. URL: www.kovrr.com/reports/how-industrial-iot-could-trigger-the-next-cyber-catastrophe-2 (дата звернення 22.03.2020).
Henriquez M. Hacker breaks into Florida water treatment facility, changes chemical levels. Security Magazine. 2021. URL: https://www.securitymagazine.com/articles/94552-hacker-breaks-into-florida-water-treatment-facility-changes-chemical-levels (дата звернення 9.02.2021).
ISO/IEC 27001. Information Technology. Security Techniques. Information Security Management Systems-Requirements. ISO/IEC International Standards Organization: Geneva, Switzerland. 2005. URL: https://www.google.com/aclksa=l&ai=DChcSEwjp6qK3paCAAxWgn2gJHddUA2QYABABGgJ3Zg&sig=AOD64_1a4QKpT5Or3O6oATYqyvW4zlqgQ&q&adurl&ved=2ahUKEwifwpG3paCAAxWTiFwKHThIBeIQ0Qx6BAgPEAE
Top 10 Web Application Security Risks. The OWASP Foundation. 2022. URL: https://www.owasp.org (дата звернення 30.05.2022).
Agreindra Helmiawan M., Firmansyah E., Fadil I., Sofivan Y., Mahardika F., Guntara A. Analysis of Web Security Using Open Web Application Security Project 10. 8th International Conference on Cyber and IT Service Management (CITSM). Pangkal, Indonesia. 2020. P. 1–5. DOI: https://doi.org/10.1109/CITSM50537.2020.9268856
OWASP Application Security Verification Standard. OWASP. 2022. URL: http://www.owasp.org/index.php/ASVS (дата звернення 20.02.2022).
Morozova O. I., Nicheporuk A. O., Tets'kyy A. H., Tkachov V. M. Methods and technologies for ensuring cybersecurity of industrial and web-based systems and networks. National Aerospace University – "Kharkiv Aviation Institute": Scientific work. № 4. 2021. Р. 145–156 DOI: https://doi.org/10.32620/reks.2021.4.12
Bhorkar G. Security Analysis of an Operations Support System. School of Science. Master’s Programme in Computer, Communication and Information Sciences. Aalto University. 2017. URL: https://aaltodoc.aalto.fi/handle/123456789/29252 (дата звернення 12.04.2022).
Seng L. K., Ithnin N., Said S. Z. M. The approaches to quantify web application security scanners quality: a review. Int. J. Adv. Comput. Res. 2018. Vol. 8. P. 285–312. DOI: https://doi.org/10.19101/IJACR.2018.838012
Common Vulnerabilities and Exposures. URL: https://cve.mitre.org/
National Vulnerability Database. URL: https://nvd.nist.gov/
MITRE ATT&CK for ICS. URL: https://attack.mitre.org/techniques/ics/
References
García-Valls, M., Dubey, A., Botti, V. (2018), "Introducing the new paradigm of Social Dispersed Computing: Applications, Technologies and Challenges", Journal of Systems Architecture, No. 91. P. 83–102. DOI: https://doi.org/10.1016/j.sysarc.2018.05.007.
"W3C. The World Wide Web Consortium, The World Wide Web Consortium 2021", available at: www.w3.org. (last accessed 30.05.2022).
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T. (1999), "HyperText Transfer Protocol v1.1; HTTP (RFC 2616)", The Internet Society: Reston, VA, USA, available at: https://datatracker.ietf.org/doc/html/rfc2616
Rescorla, E. (2000), "HTTP over TLS, RFC 1818", Internet Engineering Task Force, available at: https://datatracker.ietf.org/doc/rfc2818/
Fielding, R.T. (2000), "Representational State Transfer (REST). Architectural Styles and the Design of Network-based Software Architectures", University of California, Irvine, CA, USA, Vol. 5, P. 76–147, available at: https://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
Pedreira, V., Barros, D., Pinto, P. (2021), "A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 with New Challenges on Data Sovereignty Ahead, Sensors", MDPI Journals, Sensors, Vol. 21(15), No. 5189. DOI: https://doi.org/10.3390/s21155189
García-Valls, M., Song, L. (2022), "Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities", MDPI Journals, Sensors, Vol. 22, No. 5004. DOI: https://doi.org/10.3390/s22135004
Fang, Z., Fu, H., Gu, T., Qian, Z., Jaeger, T., Hu, P., Mohapatra, P. (2021), "A model checking-based security analysis framework for IoT systems", Journal of High-Confidence Computing, No. 100004. DOI: https://doi.org/10.1016/j.hcc.2021.100004
Sarwar, A., Alnajim, A., Marwat, S. N. K., Ahmed, S., Alyahya, S., Khan, W.U. (2022), "Enhanced Anomaly Detection System for IoT Based on Improved Dynamic SBPSO", MDPI journals, Sensors, Vol. 22, No. 4926. DOI: https://doi.org/10.3390/s22134926
Ervural, B. C., Ervural, B. (2017), "Overview of Cyber Security in the Industry 4.0 Era", Managing the Digital Transformation, P. 267–284. DOI: https://doi.org/10.1007/978-3-319-57870-5_16
Alaoui, R. L., Nfaoui, E. H. (2022), "Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review", MDPI Jjournals, Future Internet, Vol. 14, No. 118. DOI: https://doi.org/10.3390/fi14040118
Al-Garadi, M. A., Mohamed, A., Al-Ali, A., Guizani, M. et al. (2020), "A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security", IEEE Internet of Things Journal, No. 19890478. DOI: https://doi.org/10.1109/COMST.2020.2988293
Shahid, J., Hameed, M. K., Javed, I. T., Qureshi, K. N., Ali, M., Crespi, N. (2022), "Comparative Study of Web Application Security Parameters: Current Trends and Future Directions", MDPI Journals, Applied Sciences, Vol. 12, No. 4077. DOI: https://doi.org/10.3390/app12084077
Pathak, G., Gutierrez, J., Ghobakhlou, A., Rehman, S. U. (2022), "LPWAN Key Exchange: A Centralised Lightweight Approach", MDPI Journals, Sensors, Vol. 22, No. 5065. DOI: https://doi.org/10.3390/s22135065
Surej, H. I., Ma, M., Su, R. (2022), "A Feed Forward–Convolutional Neural Network to Detect Low-Rate DoS in IoT", Engineering Applications of Artificial Intelligence, Vol. 114, No. 105059. DOI: https://doi.org/10.1016/j.engappai.2022.105059
Ferrer, B. R., Mohammed, W. M., Chen, E., Martinez Lastra, J. L. (2017), "Connecting Web-Based IoT Devices to a CloudBased Manufacturing Platform", IEEE Internet of Things Journal, No. 17431808. DOI: https://doi.org/10.1109/IECON.2017.8217516
Aazam, M., Zeadally, S., Harras, K. A. (2018), "Deploying Fog Computing in Industrial Internet of Things and Industry 4.0", IEEE Internet of Things Journal, No. 18133157. DOI: https://doi.org/10.1109/TII.2018.2855198
Kabla, H., Anbar, M., Manickam, S., Al-Amiedy, T. A., Cruspe, P. B., Al-Ani, A. K., Karuppayah, S. (2022), "Applicability of Intrusion Detection System on Ethereum Attacks: A Comprehensive Review", IEEE Access Journal, Vol. 10, No. 21863800. DOI: https://doi.org/10.1109/ACCESS.2022.3188637
Gupta, A. (2019), The IoT Hacker’s Handbook, Apress Berkeley, CA, 320 p. DOI: https://doi.org/10.1007/978-1-4842-4300-8
Doupé, A., Cova, M., Vigna, G. (2010), "Why Johnny can’t pentest: An analysis of black-box web vulnerability scanners", In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany, Springer: Berlin/Heidelberg, Germany. P. 111–131. DOI: https://doi.org/10.1007/978-3-642-14215-4_7
Bau, J., Bursztein, E., Gupta, D., Mitchell, J. (2010), "State of the Art: Automated Black-Box Web Application Vulnerability Testing", IEEE Symposium on Security and Privacy, Oakland, CA, USA, P. 332–345. DOI: https://doi.org/10.1109/SP.2010.27
Parvez, M., Zavarsky, P., Khoury, N. (2015), "Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities", IEEE: Piscataway, NJ, USA, P. 186–191. DOI: https://doi.org/10.1109/ICITST.2015.7412085
Suteva, N., Zlatkovski, D., Mileva, A. (2013), "Evaluation and testing of several free/open source web vulnerability scanners", Conference for Informatics and Information Technology (CIIT 2013), Bitola, Macedonia, Р. 221-224, available at: https://www.researchgate.net/publication/261033249_Evaluation_and_Testing_of_Several_FreeOpen_Source_Web_Vulnerability_Scanners
Idrissi, S., Berbiche, N., Guerouate, F., Shibi, M. (2017), "Performance evaluation of web application security scanners for prevention and protection against vulnerabilities", International Journal of Applied Engineering Research, Vol. 12, No. 21, P. 11068–11076, available at: https://www.ripublication.com/ijaer17/ijaerv12n21_76.pdf
Momeni, E., Cardie, C., Diakopoulos, N. (2015), "A survey on assessment and ranking methodologies for user-generated content on the web", ACM Comput. Surv (CSUR), Vol. 48(3), Р. 1–49. DOI: https://doi.org/10.1145/2811282
Kumar, M., Majithia, S., Bhushan, S. (2016), "An Efficient Model for Web Vulnerabilities Detection based on Probabilistic Classification", Int. J. Technol. Comput. (IJTC), Techlive Solut, P. 50–58, available at: www.semanticscholar.org/paper/An-Efficient-Model-for-Web-Vulnerabilities-based-on-Kumar-Majithia/f09ddc0501358e234a5f8e9ebec359beb91db8f1. (last accessed 12.04.2022).
Raj, G., Mahajan, M., Singh, D. (2018), "Security testing for monitoring web service using Cloud", IEEE: Piscataway, NJ, USA, No. 18043392. P. 316–321. DOI: https://doi.org/10.1109/ICACCE.2018.8441734
Ahmed, M., Adil, M., Latif, S. (2015), "Web application prototype: State-of-art survey evaluation", IEEE: Piscataway, NJ, USA, No. 15756740, P. 19–24. DOI: https://doi.org/10.1109/NSEC.2015.7396339
Hasan, A., Meva, D. (2018), "Web Application Safety by Penetration Testing", Int. J. Adv. Stud. Sci. Res., available at: www.academia.edu/38248493/Web_Application_Safety_by_Penetration_Testing (last accessed 12.04.2022)
Mohammed, R. (2016), "Assessment of Web Scanner Tools", Int. J. Comput. Appl., Vol. 133(5), Р. 1–4. DOI: https://doi.org/10.5120/ijca2016907794
Curphey, M., Arawo, R. (2006), "Web application security assessment tools", IEEE Secur. Priv., Vol. 4, P. 32–41. DOI: https://doi.org/10.1109/MSP.2006.108
Fang, Y., Long, X., Liu, L., Huang, C. (2018), "DarkHunter: A fingerprint recognition model for web automated scanners based on CNN", 2nd International Conference on Cryptography, Security and Privacy, Guiyang, China, ACM: New York, USA, P. 10–15. DOI: https://doi.org/10.1145/3199478.3199504
Alsaleh, M., Alomar, N., Alshreef, M., Alarifi, A., Al-Salman, A. (2017), "Performance-based comparative assessment of open source web vulnerability scanners", Secur. Commun. Netw, available at: www.hindawi.com/journals/scn/2017/6158107 (last accessed 12.04. 2022).
Terry, M., Oigiagbe, O. D., Acharya, S. (2015), "A comprehensive security assessment toolkit for healthcare systems", Colonial Academic Alliance Undergraduate Research Journal, Vol. 4, P. 1–6, available at: https://scholarworks.wm.edu/caaurj/vol4/iss1/6
Furrer, F. J. (2022), Safety and Security of Cyber-Physical Systems, Engineering dependable Software using Principle-based Development, 521 р. DOI: https://doi.org/10.1007/978-3-658-37182-1
Wu, D., Ren, A., Zhang, W., Fan, F., Liu, P., Fu, X., Terpenny, J. (2018), "Cybersecurity for digital manufacturing", J. Manuf. Syst., Vol. 48, P. 3–12. DOI: https://doi.org/10.1016/j.jmsy.2018.03.006
Bublil, S., Kessler, A. (2020), "How Industrial IoT could Trigger the Next Cyber Catastrophe", available at: www.kovrr.com/reports/how-industrial-iot-could-trigger-the-next-cyber-catastrophe-2 (last accessed 22.03.2020)
Henriquez, M. (2021), "Hacker breaks into Florida water treatment facility, changes chemical levels", Security Magazine, available at: https://www.securitymagazine.com/articles/94552-hacker-breaks-into-florida-water-treatment-facility-changes-chemical-levels (last accessed 9.02.2021)
ISO/IEC 27001 (2005), "Information Technology. Security Techniques", Information Security Management Systems–Requirements. ISO/IEC International Standards Organization: Geneva, Switzerland, available at: https://www.google.com/aclk?sa=l&ai=DChcSEwjp6qK3paCAAxWgn2gJHddUA2QYABABGgJ3Zg&sig=AOD64_1a4QKpT5Or3O6oAT-YqyvW4zlqgQ&q&adurl&ved=2ahUKEwifwpG3paCAAxWTiFwKHThIBeIQ0Qx6BAgPEAE
"Top 10 Web Application Security Risks" (2022), The OWASP Foundation, available at: https://www.owasp.org (last accessed 30.05.2022).
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., Guntara, A. (2020), "Analysis of Web Security Using Open Web Application Security Project 10", International Conference on Cyber and IT Service Management (CITSM), Pangkal, Indonesia, P. 1–5. DOI: https://doi.org/10.1109/CITSM50537.2020.9268856
OWASP Application Security Verification Standard, (2022), OWASP, available at: http://www.owasp.org/index.php/ASVS (last accessed 20.02.2022).
Morozova, O. I., Nicheporuk, A. O., Tets'kyy, A. H., Tkachov, V. M. (2021), "Methods and technologies for ensuring cybersecurity of industrial and web-based systems and networks", National Aerospace University – "Kharkiv Aviation Institute": Scientific work, No. 4. Р. 145–156. DOI: https://doi.org/10.32620/reks.2021.4.12
Bhorkar, G. (2017), "Security Analysis of an Operations Support System", School of Science, Master’s Programme in Computer, Communication and Information Sciences, Aalto University, available at: https://aaltodoc.aalto.fi/handle/123456789/29252 (last accessed 12.04.2022).
Seng, L. K., Ithnin, N., Said, S. Z. M. (2018), "The approaches to quantify web application security scanners quality: a review", Int. J. Adv. Comput. Res., Vol. 8, P. 285–312. DOI: https://doi.org/10.19101/IJACR.2018.838012
"Common Vulnerabilities and Exposures", available at: https://cve.mitre.org/
"National Vulnerability Database", available at: https://nvd.nist.gov/
"MITRE ATT&CK for ICS", available at: https://attack.mitre.org/techniques/ics/
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Євген Мерзлікін, Євген Бабешко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Our journal abides by the Creative Commons copyright rights and permissions for open access journals.
Authors who publish with this journal agree to the following terms:
Authors hold the copyright without restrictions and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-commercial and non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
Authors are permitted and encouraged to post their published work online (e.g., in institutional repositories or on their website) as it can lead to productive exchanges, as well as earlier and greater citation of published work.
