Web Application Security: An Investigation on Static Analysis with other Algorithms to Detect Cross Site Scripting

Application Security ◽

Case Examples ◽

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.2.4.107 ◽

2018 ◽

Vol 2 (4) ◽

pp. 286 ◽

Cited By ~ 1

Author(s):

Robinson ◽

Memen Akbar ◽

Muhammad Arif Fadhly Ridha

Keyword(s):

Web Application ◽

Web Applications ◽

Monitoring Network ◽

Sql Injection ◽

Ip Address ◽

Application Security ◽

Rule Set ◽

Security Rule ◽

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Static analysis for discovering IoT vulnerabilities

International Journal on Software Tools for Technology Transfer ◽

10.1007/s10009-020-00592-x ◽

2020 ◽

Author(s):

Pietro Ferrara ◽

Amit Kr Mandal ◽

Agostino Cortesi ◽

Fausto Spoto

Keyword(s):

Static Analysis ◽

Web Application ◽

Web Applications ◽

Security Vulnerabilities ◽

Robust Solution ◽

Representative Case ◽

Application Security ◽

Industrial Analyzer ◽

The Relationship

AbstractThe Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.

Countering Cross-Site Scripting in Web-based Applications

International Journal of Strategic Information Technology and Applications ◽

10.4018/ijsita.2015010105 ◽

2015 ◽

Vol 6 (1) ◽

pp. 57-68 ◽

Cited By ~ 1

Author(s):

Loye Lynn Ray

Keyword(s):

Web Sites ◽

Web Application ◽

Information Source ◽

Web Based ◽

Application Security ◽

Dynamic Web ◽

Web Vulnerabilities ◽

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Countering Cross-Site Scripting in Web-Based Applications

Application Development and Design ◽

10.4018/978-1-5225-3422-8.ch014 ◽

2018 ◽

pp. 370-383

Author(s):

Loye Lynn Ray

Keyword(s):

Web Sites ◽

Web Application ◽

Information Source ◽

Web Based ◽

Application Security ◽

Dynamic Web ◽

Web Vulnerabilities ◽

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Open source web application security: A static analysis approach

2016 International Conference on Engineering & MIS (ICEMIS) ◽

10.1109/icemis.2016.7745369 ◽

2016 ◽

Cited By ~ 4

Author(s):

Mamdouh Alenezi ◽

Yasir Javed

Keyword(s):

Open Source ◽

Static Analysis ◽

Web Application ◽

Analysis Approach ◽

Application Security

Vulnerability Scanning Technology on Web Applications

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.35135 ◽

2021 ◽

Vol 9 (VI) ◽

pp. 991-995

Author(s):

Aarushi Dwivedi

Keyword(s):

Web Application ◽

Web Applications ◽

Daily Life ◽

Modern Society ◽

Security Level ◽

Security Vulnerabilities ◽

Application Security ◽

Vulnerability Scanner ◽

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Testing Software and Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-319-47443-4_5 ◽

2016 ◽

pp. 70-85 ◽

Cited By ~ 6

Author(s):

Dimitris E. Simos ◽

Kristoffer Kleine ◽

Laleh Shikh Gholamhossein Ghandehari ◽

Bernhard Garn ◽

Yu Lei

Keyword(s):

Web Application ◽

Combinatorial Approach ◽

Security Testing ◽

Application Security ◽

International conference on Computer Science and Information Systems (ICSIS’2014) Oct 17-18, 2014 Dubai (UAE) ◽

An Imperative Analysis of diverse State of Art Solutions for Internet and Web Application Security

10.15242/iie.e1014055 ◽

2014 ◽

Keyword(s):

Web Application ◽

Application Security ◽

State Of Art

Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.15.21434 ◽

2018 ◽

Vol 7 (4.15) ◽

pp. 130

Author(s):

Emil Semastin ◽

Sami Azam ◽

Bharanidharan Shanmugam ◽

Krishnan Kannoorpatti ◽

Mirjam Jonokman ◽

...

Keyword(s):

Web Application ◽

Web Applications ◽

Operating Cycle ◽

Web Based ◽

Business World ◽

Application Security ◽

Server Side ◽

Combined Solution ◽

Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.