On Security Issues in Web Applications through Cross Site Scripting (XSS)

2013 ◽  
Author(s):  
Vikas K. Malviya ◽  
Saket Saurav ◽  
Atul Gupta
Keyword(s):  
Web Applications ◽  
Security Issues ◽  
Cross Site

scholarly journals Addressing Web Application Security Issues and Vulnerabilities Assessment Pen Testing

2020 ◽  
Vol 8 (6) ◽  
pp. 2314-2321
Keyword(s):  
Vulnerability Assessment ◽  
Web Application ◽  
Web Applications ◽  
Sensitive Information ◽  
Security Measures ◽  
Security Issues ◽  
Online Sales ◽  
Application Service ◽  
Cross Site ◽  
The Web

The world relies heavily on the Internet, and every organization uses web applications extensively for information sharing, business purposes such as online sales, money transfer, etc., and Exchange services. Nowadays, providing security for web applications is the greatest challenge in the corporate world because web applications will be the main way for their daily business and if the web application is affected, then daily business and reputation will be affected. As many organizations have been using the web application service to share or store sensitive information about their clients and assets. So, Web Applications are inclined to security attacks and new security vulnerabilities have grown in the last two decades in a web application and have become an important target for attackers. So, it is very vital to secure a web application. The vulnerabilities in web applications will incur due to the security misconfigurations, programming mistakes, improper usage of security measures, etc. So, vulnerability assessment and pen testing will help to figure out the different vulnerabilities present in web applications. The websites are also using to deliver the critical services to its customers so it must run every time without any interception, to do this VAPT will play a crucial role. This paper reviews about vulnerability assessment and pretesting steps and types, website vulnerabilities like SQL Injection, Cross-Site scripting, file inclusion, cross-site request forgery, and broken authentication with types and remediations and also discuss how the effect of these vulnerabilities on a web application.

A Survey on various Security Issues in Health Data in Web Applications

2020 ◽  
Vol 5 (3) ◽  
pp. 84-89
Author(s):  
Maragathavalli P. ◽  
Seshankkumar M. ◽  
Dhivakaran V. ◽  
Ravindran S.
Keyword(s):  
Web Applications ◽  
Health Data ◽  
Security Issues

Cross-Site Scripting

2011 ◽  
pp. 61-75 ◽  
Author(s):  
Almudena Alcaide Raya ◽  
Jorge Blasco Alis ◽  
Eduardo Galán Herrero ◽  
Agustín Orfila Diaz-Pabón
Keyword(s):  
Computer Program ◽  
Web Applications ◽  
Personal Information ◽  
Adequate Level ◽  
Cross Site

As any other computer program, Web applications are susceptible of including vulnerabilities that may not only disrupt the provided service, but also facilitate private and personal information to an attacker. As these applications are usually public or even publicized, attacks are expected to be more and more frequent, making it necessary to supply the means to provide an adequate level of security in the utilization of Web applications.

scholarly journals BiometricAccessFilter: A Web Control Access System Based on Human Auditory Perception for Children Protection

Electronics ◽  
2020 ◽  
Vol 9 (2) ◽  
pp. 361 ◽  
Author(s):  
Muhammad Ilyas ◽  
Régis Fournier ◽  
Alice Othmani ◽  
Amine Nait-Ali
Keyword(s):  
Age Estimation ◽  
Auditory Perception ◽  
Web Applications ◽  
Web Security ◽  
Point Of View ◽  
Web Content ◽  
Security Issues ◽  
Individual Privacy ◽  
Web Access ◽  
Web Control

Along with internet growth, security issues come into existence. Efficient tools to control access and to filter undesirable web content are needed all the time. In this paper, a control access method for web security based on age estimation is proposed, where the correlation between human age and auditory perception is taken into account. In particular, access is denied if a person’s age is not appropriate for the given web content. Unlike existing web access filters, our biometric approach offers greater security and protection to individual privacy. From a technical point of view, the machine-learning regression model is used to estimate the person’s age. The primary contributions of this paper include an age estimation module based on human auditory perception and provision of an open-source web filter to prevent adults from accessing children web applications. The proposed system can also be used to limit the access of children to a webpage specially designed for adults. Our system is evaluated with a dataset collected from 201 persons with different ages from 06 to 60 years old, where it considered 109 male and 82 female volunteers. Results indicate that our system can estimate the age of a person with an accuracy of 97.04% and a root mean square error (RMSE) of 4.2 years. It presents significant performances in the verification scenario with an Equal Error Rate (EER) of 1.4%.

scholarly journals A Taxonomy for Security Flaws in Event-Based Systems

2020 ◽  
Vol 10 (20) ◽  
pp. 7338
Author(s):  
Youn Kyu Lee ◽  
Dohoon Kim
Keyword(s):  
Mobile Applications ◽  
Web Applications ◽  
Communication Model ◽  
Security Threats ◽  
Security Attacks ◽  
Security Vulnerabilities ◽  
Physical Systems ◽  
Security Issues ◽  
Event Based ◽  
The Relationship

Event-based system (EBS) is prevalent in various systems including mobile cyber physical systems (MCPSs), Internet of Things (IoT) applications, mobile applications, and web applications, because of its particular communication model that uses implicit invocation and concurrency between components. However, an EBS’s non-determinism in event processing can introduce inherent security vulnerabilities into the system. Multiple types of attacks can incapacitate and damage a target EBS by exploiting this event-based communication model. To minimize the risk of security threats in EBSs, security efforts are required by determining the types of security flaws in the system, the relationship between the flaws, and feasible techniques for dealing with each flaw. However, existing security flaw taxonomies do not appropriately reflect the security issues that originate from an EBS’s characteristics. In this paper, we introduce a new taxonomy that defines and classifies the particular types of inherent security flaws in an EBS, which can serve as a basis for resolving its specific security problems. We also correlate our taxonomy with security attacks that can exploit each flaw and identify existing solutions that can be applied to preventing such attacks. We demonstrate that our taxonomy handles particular aspects of EBSs not covered by existing taxonomies.

scholarly journals Towards Cross-site Scripting Vulnerability Detection in Mobile Web Applications

2018 ◽  
Vol 7 (4.1) ◽  
pp. 18
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  
Mobile Phones ◽  
Web Applications ◽  
Personal Information ◽  
Denial Of Service ◽  
Vulnerability Detection ◽  
Security Vulnerabilities ◽  
Mobile Web ◽  
The Past ◽  
Web Developers ◽  
Cross Site

Cross-site scripting vulnerabilities are among the top ten security vulnerabilities affecting web applications for the past decade and mobile version web applications more recently. They can cause serious problems for web users such as loss of personal information to web attackers, including financial and health information, denial of service attacks, and exposure to malware and viruses. Most of the proposed solutions focused only on the Desktop versions of web applications and overlooked the mobile versions. Increasing use of mobile phones to access web applications increases the threat of cross-site scripting attacks on mobile phones. This paper presents work in progress on detecting cross-site scripting vulnerabilities in mobile versions of web applications. It proposes an enhanced genetic algorithm-based approach that detects cross-site scripting vulnerabilities in mobile versions of web applications. This approach has been used in our previous work and successfully detected the said vulnerabilities in Desktop web applications. It has been enhanced and is currently being tested in mobile versions of web applications. Preliminary results have indicated success in the mobile versions of web applications also. This approach will enable web developers find cross-site scripting vulnerabilities in the mobile versions of their web applications before their release.  

scholarly journals Cross Site Scripting Attacks in Web-Based Applications

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Learning Ability ◽  
Security Risk ◽  
Web Application Security ◽  
Web Based ◽  
Architectural Framework ◽  
Self Learning ◽  
Cross Site ◽  
The Web

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.

Sign in / Sign up

Export Citation Format

Share Document