Analysis of current threats and security measures used in web applications on the example of Symfony, Express, and Spring Boot
Article Sidebar
Open full text
Issue Vol. 37 (2025)
-
Performance evaluation of Machine Learning and Deep Learning models for 5G resource allocation
371-378
-
Analysis of the use of object detection systems in edge computing
379-390
-
Performance analysis of Jetpack Compose components in mobile applications
391-398
-
Methods for comparing three-dimensional motion trajectories
399-404
-
Performance and scalability analysis of monolithic and microservice architectures in social networks
405-409
-
Comparative analysis of methods for identifying tree structures of coronary vessels
410-417
-
Websites accessibility assessment of voivodeship cities in Poland
418-425
-
Analysis of ORM framework approaches for Node.js
426-430
-
Analysis of performance optimization methods for 3D games in the Unity environment
431-435
-
The impact of AI use on the performance of chess engines
436-442
-
Evaluating the effectiveness of selected tools in recognizing emotions from facial photos
443-450
-
Performance analysis of the GraphQL API creation technologies using Spring Boot and NestJS
451-456
-
Comparative Performance Analysis of RabbitMQ and Kafka Message Queue Systems in Spring Boot and ASP.NET Environments
457-462
-
Analysis of current threats and security measures used in web applications on the example of Symfony, Express, and Spring Boot
463-469
-
The use of machine learning to classify symbols on cultural monuments to identify their origin and historical period.
470-475
-
Investigating Machine Learning Algorithms for Stroke Occurrence Prediction
476-483
-
Comparative performance analysis of Spring Boot and Quarkus frameworks in Java applications
484-491
-
Influence of activation function in deep learning for cutaneous melanoma identification
492-499
-
Analysis of methods for simulating character encounters in a game with RPG elements
500-507
-
Analysis of the efficiency of Apex and Java languages and related technologies in performing database operations
508-514
Main Article Content
DOI
Authors
Abstract
The article analyzes the most common threats currently appearing in web applications and compares the built-in security features of Symfony, Express, and Spring Boot frameworks. The study aimed to identify security gaps, assess their risk, and then present practices that enable effectiveprotection against attacks. The priority was to create four applications that were all identical in terms of structure. Tested applications were designed to have built-in security mechanisms from analyzed threats. The greatest threats currently are Broken Access Control attacks, cryptographic vulnerabilities, and code injection. The research process was conducted using Burp Suite Professional, SQLMap, XSSER, andHydra tools. The results indicate that Symfony and Spring Boot are the best protected against the threats. Additionally, the default Expressskeleton mechanisms do not protect the application from Cross Site Scripting (XSS) attacks.
