A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

Download Full-text

SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.2.4.107 ◽

2018 ◽

Vol 2 (4) ◽

pp. 286 ◽

Cited By ~ 1

Author(s):

Robinson ◽

Memen Akbar ◽

Muhammad Arif Fadhly Ridha

Keyword(s):

Web Application ◽

Web Applications ◽

Monitoring Network ◽

Sql Injection ◽

Web Application Security ◽

Ip Address ◽

Application Security ◽

Rule Set ◽

Security Rule ◽

Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Download Full-text

An Alternative Threat Model-based Approach for Security Testing

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2015070103 ◽

2015 ◽

Vol 6 (3) ◽

pp. 50-64 ◽

Cited By ~ 4

Author(s):

Bouchaib Falah ◽

Mohammed Akour ◽

Samia Oukemeni

Keyword(s):

Web Application ◽

Web Applications ◽

Security Attacks ◽

Security Testing ◽

Security Risks ◽

Web Application Security ◽

Application Security ◽

Malicious Codes ◽

Testing Approach ◽

Interaction Web

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's (OWASP) that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.

Download Full-text

An Alternative Threat Model-Based Approach for Security Testing

Application Development and Design ◽

10.4018/978-1-5225-3422-8.ch018 ◽

2018 ◽

pp. 441-454

Author(s):

Bouchaib Falah ◽

Mohammed Akour ◽

Samia Oukemeni

Keyword(s):

Web Application ◽

Web Applications ◽

Security Testing ◽

Security Risks ◽

Web Application Security ◽

Threat Model ◽

Application Security ◽

Malicious Codes ◽

Testing Approach ◽

Interaction Web

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's (OWASP) that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.

Download Full-text

Practical Web Application Security Testing

Secure Java ◽

10.1201/ebk1439823514-21 ◽

2010 ◽

pp. 277-298

Keyword(s):

Web Application ◽

Security Testing ◽

Web Application Security ◽

Application Security

Download Full-text

Types of Web Application Security Testing

The Manager’s Guide to Web Application Security: ◽

10.1007/978-1-4842-0148-0_2 ◽

2014 ◽

pp. 13-20

Author(s):

Ron Lepofsky

Keyword(s):

Web Application ◽

Security Testing ◽

Web Application Security ◽

Application Security

Download Full-text

Countering Cross-Site Scripting in Web-based Applications

International Journal of Strategic Information Technology and Applications ◽

10.4018/ijsita.2015010105 ◽

2015 ◽

Vol 6 (1) ◽

pp. 57-68 ◽

Cited By ~ 1

Author(s):

Loye Lynn Ray

Keyword(s):

Web Sites ◽

Web Application ◽

Information Source ◽

Web Application Security ◽

Web Based ◽

Application Security ◽

Dynamic Web ◽

Web Vulnerabilities ◽

Cross Site

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Download Full-text

Locality-Sensitive Hashing for Efficient Web Application Security Testing

Proceedings of the 5th International Conference on Information Systems Security and Privacy ◽

10.5220/0007255301930204 ◽

2019 ◽

Author(s):

Ilan Ben-Bassat ◽

Erez Rokah

Keyword(s):

Web Application ◽

Locality Sensitive Hashing ◽

Security Testing ◽

Web Application Security ◽

Application Security

Download Full-text

Countering Cross-Site Scripting in Web-Based Applications

Application Development and Design ◽

10.4018/978-1-5225-3422-8.ch014 ◽

2018 ◽

pp. 370-383

Author(s):

Loye Lynn Ray

Keyword(s):

Web Sites ◽

Web Application ◽

Information Source ◽

Web Application Security ◽

Web Based ◽

Application Security ◽

Dynamic Web ◽

Web Vulnerabilities ◽

Cross Site

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Download Full-text