TECHNIQUES FOR API PROTECTION USING JAVASCRIPT: MATHEMATICAL MODELS FOR ENHANCED SECURITY

DOI: 10.31673/2412-4338.2024.030411

Authors

  • В. В. Залива (Zalyva V. V.), State University of Information and Communication Technologies, Kyiv

Abstract

This paper surveys current approaches and tools for securing APIs in web applications built with JavaScript. It concentrates on the main controls: authentication and authorization, encryption of data in transit, rate limiting, input validation and sanitization, protection against CSRF (Cross-Site Request Forgery) and XSS (Cross-Site Scripting), and monitoring and logging. For each technique, mathematical models and formulas describing the underlying algorithms and processes are given.
Authentication and authorization use JWT (JSON Web Tokens) and OAuth 2.0 to secure the exchange of information between client and server. Encrypting traffic with TLS (Transport Layer Security) over HTTPS protects the confidentiality and integrity of data in transit. Rate limiting protects the server from an excessive number of requests from a single client, whether caused by bugs or by malicious activity.
Monitoring and logging make it possible to detect suspicious activity and anomalies in the system's behaviour through log analysis. The paper also presents practical examples of applying these techniques in real projects, helping developers integrate them into their web applications to achieve reliability and security.
Integrating the proposed methods into real projects will help developers raise the level of protection of their systems and preserve the confidentiality, integrity and availability of data.

Keywords: JavaScript, API security, authentication, data encryption, CSRF, XSS.

Published

2024-10-05

Section

Articles