Theory of sessions and security in web applications
Keywords:
web, web application, session management, security, session hijacking, HTTPS protocol
Abstract
This scientific article analyzes session management and security issues in web applications. Web applications control users' access rights to the system through session management, but these systems face many risks. Vulnerabilities such as session hijacking (session theft) and session fixation (session setting) allow cyber attackers to gain unauthorized access to users' accounts. The article presents the security measures needed to secure web applications, including the HTTPS protocol, complex session IDs, and limiting session lifetime. The article also provides modern tests, methods, and recommendations for measuring session security and assessing security at a high level. Cookie and session security in web applications, as well as encryption technologies and security protocols for reducing the risk of their theft, are discussed. The article offers important recommendations for improving session management and increasing the security of web applications.
Copyright (c) 2026 Abdullayev Ilhom, Nurmurodova Jasmina

This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). Authors retain copyright and grant the journal the right to first publication. The license permits others to share, adapt, and build upon the work as long as appropriate credit is given to the original author(s) and the source.