<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">dt</journal-id><journal-title-group><journal-title xml:lang="ru">Цифровая трансформация</journal-title><trans-title-group xml:lang="en"><trans-title>Digital Transformation</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2522-9613</issn><issn pub-type="epub">2524-2822</issn><publisher><publisher-name>Educational Establishment “Belarusian State University of Informatics and Radioelectronics”</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">dt-66</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ТЕХНИЧЕСКИЕ НАУКИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>TECHNICAL SCIENCES</subject></subj-group></article-categories><title-group><article-title>МЕТОД ОЦЕНКИ КАЧЕСТВА WEB-ПРИЛОЖЕНИЙ, ОСНОВАННЫЙ НА ОБНАРУЖЕНИИ УЯЗВИМОСТЕЙ</article-title><trans-title-group xml:lang="en"><trans-title>A WEB-APPLICATION QUALITY EVALUATION METHOD BASED ON VULNERABILITY DETECTION</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Оношко</surname><given-names>Д. Е.</given-names></name><name name-style="western" xml:lang="en"><surname>Onoshko</surname><given-names>D. E.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Магистр технических наук, ассистент кафедры ПОИТ </p><p>ул. П. Бровки, д. 6, 220013, г. 
Минск</p></bio><bio xml:lang="en"><p>Master of Technical Sciences, Assistant Lecturer of Software for Information Technologies Department</p><p>6 P. Brovki Str., 220013 Minsk, Republic of Belarus</p></bio><email xlink:type="simple">onoshko@bsuir.by</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бахтизин</surname><given-names>В. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Bakhtizin</surname><given-names>V. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Кандидат технических наук, профессор кафедры ПОИТ</p><p>ул. П. Бровки, д. 6, 220013, г. Минск</p></bio><bio xml:lang="en"><p>Candidate of Sciences (Technology), Professor of Software for Information Technologies Department</p><p>6 P. Brovki Str., 220013 Minsk, Republic of Belarus</p></bio><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Белорусский государственный университет информатики и радиоэлектроники</institution></aff><aff xml:lang="en"><institution>Belarusian State University of Informatics and Radioelectronics</institution></aff></aff-alternatives><pub-date pub-type="collection"><year>2018</year></pub-date><pub-date pub-type="epub"><day>03</day><month>05</month><year>2018</year></pub-date><volume>0</volume><issue>1</issue><fpage>58</fpage><lpage>65</lpage><permissions><copyright-statement>Copyright &#x00A9; Оношко Д.Е., Бахтизин В.В., 2018</copyright-statement><copyright-year>2018</copyright-year><copyright-holder xml:lang="ru">Оношко Д.Е., Бахтизин В.В.</copyright-holder><copyright-holder xml:lang="en">Onoshko D.E., Bakhtizin D.E.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative 
Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://dt.bsuir.by/jour/article/view/66">https://dt.bsuir.by/jour/article/view/66</self-uri><abstract><p>В статье предлагается метод оценки качества web-приложений, основанный на обнаружении уязвимостей путем статического анализа исходных кодов. Приводится описание модели обнаружения уязвимостей к SQL-инъекциям, а также модели качества web-приложений, основанной на результатах обнаружения уязвимостей и являющейся расширением модели качества ISO/IEC 25010.</p></abstract><trans-abstract xml:lang="en"><p>This article introduces a method of web-application quality evaluation based on static analysis of the source code. A model for SQL-injection vulnerability detection and a web-application quality model based on the results of vulnerability detection that extends the ISO/IEC 25010 quality model are described.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>web-приложение</kwd><kwd>статический анализ</kwd><kwd>SQL-инъекция</kwd><kwd>уязвимость</kwd></kwd-group><kwd-group xml:lang="en"><kwd>web-application</kwd><kwd>static analysis</kwd><kwd>SQL-injection</kwd><kwd>vulnerability</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">OWASP Top 10 2017. The Ten Most Critical Web Application Security Risks. [Electronic resource]. – Mode of access: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf. – Date of access: 27.11.2017.</mixed-citation><mixed-citation xml:lang="en">OWASP Top 10 2017. The Ten Most Critical Web Application Security Risks. 
Available at: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf (accessed 27.11.2017).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Бахтизин, В. В. Модель обнаружения уязвимостей в web-приложениях / В. В. Бахтизин, Д. Е. Оношко // Докл. БГУИР. – 2016. – №1 (95). – С. 5–11.</mixed-citation><mixed-citation xml:lang="en">Bakhtizin V. V., Onoshko D. E. A web-application vulnerability detection model. Doklady BGUIR, 2016, no. 1, pp. 5–11 (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Cousot P. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints / P. Cousot, R. Cousot // Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, January 1977. – Los Angeles: ACM, 1977. – Pp. 238–252.</mixed-citation><mixed-citation xml:lang="en">Cousot P., Cousot R. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, 1977, pp. 238–252.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Spolsky, J. Making Wrong Code Look Wrong – Joel on Software / J. Spolsky // JOEL ON SOFTWARE [Electronic resource]. – Mode of access: http://www.joelonsoftware.com/articles/Wrong.html. – Date of access: 21.12.2014.</mixed-citation><mixed-citation xml:lang="en">Spolsky J. Making Wrong Code Look Wrong – Joel on Software. Available at: http://www.joelonsoftware.com/articles/Wrong.html (accessed 21.12.2014).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 25010:2011. 
Системная и программная инженерия — Требования к качеству и оценка программного продукта (SQuaRE) — Модели качества систем и программных средств. – Введ. 01.03.2011. – Женева: ISO/IEC, 2011.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 25010:2011. Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. Geneva, ISO/IEC, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Оношко, Д. Е. Модель оценки качества web-приложений, основанная на обнаружении уязвимостей к SQL-инъекциям / Д. Е. Оношко, В. В. Бахтизин // Докл. БГУИР. – 2016. – №3 (97). – С. 37–43.</mixed-citation><mixed-citation xml:lang="en">Onoshko D. E., Bakhtizin V. V. A web-application quality assessment model based on SQL-injection vulnerability detection. Doklady BGUIR, 2016, no. 3, pp. 37–43 (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Бахтизин, В. В. Метрология, стандартизация и сертификация в информационных технологиях: учеб. пособие: в 2 ч. / В. В. Бахтизин, Л. А. Глухова. – Минск: БГУИР, 2016. – Ч. 2. – 343 с.</mixed-citation><mixed-citation xml:lang="en">Bakhtizin V. V., Glukhova L. A. Metrologija, standartizacija i sertifikacija v informacionnyh tehnologijah [Metrology, standardization and certification in information technologies]. Minsk, BSUIR, 2016. Part 2. 343 p. (In Russian).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Оценка качества программных средств. Общие положения: ГОСТ 28195-99. – Введ. 2000-01-03. – М., 1998. – 49 с.</mixed-citation><mixed-citation xml:lang="en">GOST 28195-99. Ocenka kachestva programmnyh sredstv. Obshhie polozhenija [State Standard 28195-99. Quality control of software systems. General principles]. Moscow, Standartinform Publ., 1998. 49 p. 
(In Russian).</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
