Towards a Guaranteed (X)HTML Compliant Dynamic Web Application

Author(s):
Paul G. Talaga
Steve J. Chapin

2020, Vol 32 (4), pp. 85-111
Author(s):
Brij B. Gupta
Pooja Chaudhary
Shashank Gupta

Cross-site scripting is one of the notable exceptions affecting almost every web application. Hence, this article proposes a framework to negate the impact of XSS attacks on web servers deployed in one of the major applications of the Internet of Things (IoT), i.e., the smart city environment. The proposed framework implements two approaches: first, it executes vulnerable flow tracking to filter injected malicious scripting code in dynamic web pages. Second, it performs trusted remark generation and validation to unveil any suspicious activity in static web pages. Finally, the filtered and modified web page is delivered to the user. The prototype of the framework has been evaluated on a suite of real-world web applications to assess its XSS attack mitigation capability. The performance analysis of the framework has revealed that it recognizes XSS worms with very low false positive and false negative rates and acceptable performance overhead compared to existing XSS defensive methodologies.


Author(s):  
J. Vijaya Sagar Reddy ◽  
G. Ramesh

Web applications are the most widely used software on the Internet. When a web application is developed and deployed in the real environment, it is very serious if a bug is found by an attacker, a customer, or the owner of the web application. It is very important to do proper pre-release testing. It is very costly if a web application is not properly tested at the development location and a bug is then found at the customer location. For web application testing, existing systems such as DART, CUTE, and EXE are available. These tools generate test cases by executing the web application on concrete user inputs. They are best suited to testing static web sites and are not suitable for dynamic web applications. The existing systems need user inputs to generate the test cases, and it is very difficult for a human being to provide dynamic inputs for all possible cases. This paper presents algorithms, an implementation, and an experimental evaluation that revealed HTML failures, execution failures, and includes in PHP web applications.


Author(s):  
Cho Do Xuan ◽  
Nam Nguyen ◽  
Hoa Nguyen Dinh

A web application firewall is a highly effective application for protecting the application layer and database layer of websites from malicious access. This paper proposes a new web application firewall deployment method based on the Dynamic Web Application Profiling (DWAP) analysis technique. This is a method to deploy a firewall based on analyzing website access data. DWAP is improved to integrate deeply into the structure of the website to increase the compatibility of the anomaly detection system with each website, thereby improving the ability to detect abnormal requests. To improve the compatibility of the web application firewall with the protected objects, the proposed system consists of two parts whose main tasks are: i) detect abnormal access in web application (WA) access; ii) semi-automatically update the attack data in the abnormal access detection system during WA access. This new method is applicable in real-time detection systems where updating with new attack data is essential, since web attacks are increasingly complex and sophisticated.


This paper presents an online zakat management system named E-ZAKAT. Zakat is one of the main foundational goals of the world's second-largest religion, Islam. So, it has indisputable importance for a country as well as for the world economy and poverty eradication. During the COVID-19 pandemic, people have become habituated to online systems due to unavoidable circumstances; for example, education and commodity markets have now moved online. However, an online zakat management system for both donors and seekers has not become widespread. In the proposed system, the donor can calculate and donate their zakat, and the seeker can apply to receive it. Instead of providing cash, business or agricultural help is planned to ensure the economic stability of a low-income family. For this purpose, the applicant can claim support for green farming, agricultural equipment, or money to start a small business after completing the required verification and qualification steps. The proposed dynamic web application E-ZAKAT will provide an easier and hassle-free system for zakat donors and seekers with an attractive design. As a result, proper utilization of our system could have a positive impact on our society as well as our world.


2021, pp. 32-54
Author(s):
D. A. Sigalov
A. A. Khashaev
D. Yu. Gamayunov
...

The problem of server-side endpoint detection in the context of blackbox security analysis of dynamic web applications is considered. We propose a method to increase the coverage of server-side endpoint detection using static analysis of client-side JavaScript code to find functions which generate HTTP requests to the server side of the application and to reconstruct the parameters of those requests. In the context of application security testing, static analysis makes it possible to find such functions even in dead or unreachable JavaScript code, which cannot be achieved by dynamic crawling or dynamic code analysis. Evaluation of the proposed method and its implementation has been done using a synthetic web application with endpoints vulnerable to SQL injection, and the same application was used to compare the proposed method with existing solutions. Evaluation results show that adding JavaScript static analysis to traditional dynamic crawling of web applications may significantly improve server-side endpoint coverage in blackbox application security analysis.


Author(s):  
Akihiro Hori ◽  
Shingo Takada ◽  
Toshiyuki Kurabayashi ◽  
Haruto Tanno

Much work has been done on automating regression testing for applications, but most of it focuses on test execution. Little work has been done on automatically determining whether a test case passes or fails. This decision is often made by comparing the results of executing test cases on a base version of the application and on the post-modification version. If the two results match, the test case passes; otherwise it fails. However, to the best of our knowledge, there is no regression testing method for automatically deciding pass/fail for dynamic Web applications which use JavaScript or CSS. We propose a method that automatically decides whether a dynamic Web application passes a regression test case. The basic idea is to obtain a screenshot each time the GUI of the Web application (i.e., the Web page) changes its state, and then compare each corresponding pair of screenshots to see whether they match. The evaluation results showed that the accuracy rate of our approach is high and that our approach can be considered fast enough for practical use.


Author(s):  
Loye Lynn Ray

Today's dynamic web-based applications have become a normal and critical asset to an organization's business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS), one of the Open Web Application Security Project (OWASP) top ten web threats. XSS occurs when a Web-based application allows untrusted information to be accepted and sent back to a browser. Such attacks can also execute scripts within a browser that deface web sites, redirect users to malicious content, and hijack browsers. One reason for this problem is that developers lack an understanding of the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defend against these threats.


Nowadays, web applications have become prevalent in industry, and the critical data of most organizations are stored using web apps. Thus, web applications present a large target for assorted cyber-attacks. As a mitigation, among the many proposed solutions, web application honeypots are a sophisticated and robust protection. In this paper, we propose a low-interaction, adaptive, and dynamic web application honeypot that imitates vulnerabilities through HTTP events. The honeypot is built with SNARE and TANNER; SNARE presents the attack surface and sends the requests to TANNER, which evaluates them and determines how SNARE should respond. TANNER is an analysis and classification tool which analyses and evaluates the HTTP requests served by SNARE and composes a dynamic response with its emulation engine. The honeypot handles major complex vulnerabilities, deceiving the attacker by posing as a real web application.

