Anomaly Based Detection of Cross Site Scripting Attack in Web Applications Using Gradient Boosting Classifier

2021 ◽  
pp. 243-252
Author(s):  
P. Sriramya ◽  
S. Kalaiarasi ◽  
N. Bharathi
Keyword(s):  
Web Applications ◽  
Gradient Boosting ◽  
Cross Site

Enhanced prediction of vulnerable Web components using Stochastic Gradient Boosting Trees

2019 ◽  
Vol 15 (2) ◽  
pp. 201-214 ◽  
Author(s):  
Mahmoud Elish
Keyword(s):  
Web Applications ◽  
Prediction Models ◽  
Stochastic Gradient ◽  
Gradient Boosting ◽  
Data Sets ◽  
Content Type ◽  
Stochastic Gradient Boosting ◽  
Security Inspection ◽  
Novel Model ◽  
Efficient Software

Purpose Effective and efficient software security inspection is crucial as the existence of vulnerabilities represents severe risks to software users. The purpose of this paper is to empirically evaluate the potential application of Stochastic Gradient Boosting Trees (SGBT) as a novel model for enhanced prediction of vulnerable Web components compared to common, popular and recent machine learning models. Design/methodology/approach An empirical study was conducted where the SGBT and 16 other prediction models have been trained, optimized and cross validated using vulnerability data sets from multiple versions of two open-source Web applications written in PHP. The prediction performance of these models have been evaluated and compared based on accuracy, precision, recall and F-measure. Findings The results indicate that the SGBT models offer improved prediction over the other 16 models and thus are more effective and reliable in predicting vulnerable Web components. Originality/value This paper proposed a novel application of SGBT for enhanced prediction of vulnerable Web components and showed its effectiveness.

Cross-Site Scripting

2011 ◽  
pp. 61-75 ◽  
Author(s):  
Almudena Alcaide Raya ◽  
Jorge Blasco Alis ◽  
Eduardo Galán Herrero ◽  
Agustín Orfila Diaz-Pabón
Keyword(s):  
Computer Program ◽  
Web Applications ◽  
Personal Information ◽  
Adequate Level ◽  
Cross Site

As any other computer program, Web applications are susceptible of including vulnerabilities that may not only disrupt the provided service, but also facilitate private and personal information to an attacker. As these applications are usually public or even publicized, attacks are expected to be more and more frequent, making it necessary to supply the means to provide an adequate level of security in the utilization of Web applications.

scholarly journals Towards Cross-site Scripting Vulnerability Detection in Mobile Web Applications

2018 ◽  
Vol 7 (4.1) ◽  
pp. 18
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  
Mobile Phones ◽  
Web Applications ◽  
Personal Information ◽  
Denial Of Service ◽  
Vulnerability Detection ◽  
Security Vulnerabilities ◽  
Mobile Web ◽  
The Past ◽  
Web Developers ◽  
Cross Site

Cross-site scripting vulnerabilities are among the top ten security vulnerabilities affecting web applications for the past decade and mobile version web applications more recently. They can cause serious problems for web users such as loss of personal information to web attackers, including financial and health information, denial of service attacks, and exposure to malware and viruses. Most of the proposed solutions focused only on the Desktop versions of web applications and overlooked the mobile versions. Increasing use of mobile phones to access web applications increases the threat of cross-site scripting attacks on mobile phones. This paper presents work in progress on detecting cross-site scripting vulnerabilities in mobile versions of web applications. It proposes an enhanced genetic algorithm-based approach that detects cross-site scripting vulnerabilities in mobile versions of web applications. This approach has been used in our previous work and successfully detected the said vulnerabilities in Desktop web applications. It has been enhanced and is currently being tested in mobile versions of web applications. Preliminary results have indicated success in the mobile versions of web applications also. This approach will enable web developers find cross-site scripting vulnerabilities in the mobile versions of their web applications before their release.  

scholarly journals Cross Site Scripting Attacks in Web-Based Applications

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Learning Ability ◽  
Security Risk ◽  
Web Application Security ◽  
Web Based ◽  
Architectural Framework ◽  
Self Learning ◽  
Cross Site ◽  
The Web

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.

scholarly journals Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines

2015 ◽  
Vol 8 (30) ◽  
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  
Web Applications ◽  
Cross Site

scholarly journals Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

2021 ◽  
Vol 3 (2) ◽  
pp. 149
Author(s):  
Ripto Mukti Wibowo ◽  
Aruji Sulaksono
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Cost Effective ◽  
Internet Technology ◽  
Cyber Attack ◽  
Security Threat ◽  
Web Application Security ◽  
Application Security ◽  
Case Examples ◽  
Cross Site

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

Sign in / Sign up

Export Citation Format

Share Document