Circe: A grammar-based oracle for testing Cross-site scripting in web applications

Author(s):  
Andrea Avancini ◽  
Mariano Ceccato
Keyword(s):  
Author(s):  
Almudena Alcaide Raya ◽  
Jorge Blasco Alis ◽  
Eduardo Galán Herrero ◽  
Agustín Orfila Diaz-Pabón

As any other computer program, Web applications are susceptible of including vulnerabilities that may not only disrupt the provided service, but also facilitate private and personal information to an attacker. As these applications are usually public or even publicized, attacks are expected to be more and more frequent, making it necessary to supply the means to provide an adequate level of security in the utilization of Web applications.


2018 ◽  
Vol 7 (4.1) ◽  
pp. 18
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro

Cross-site scripting vulnerabilities are among the top ten security vulnerabilities affecting web applications for the past decade and mobile version web applications more recently. They can cause serious problems for web users such as loss of personal information to web attackers, including financial and health information, denial of service attacks, and exposure to malware and viruses. Most of the proposed solutions focused only on the Desktop versions of web applications and overlooked the mobile versions. Increasing use of mobile phones to access web applications increases the threat of cross-site scripting attacks on mobile phones. This paper presents work in progress on detecting cross-site scripting vulnerabilities in mobile versions of web applications. It proposes an enhanced genetic algorithm-based approach that detects cross-site scripting vulnerabilities in mobile versions of web applications. This approach has been used in our previous work and successfully detected the said vulnerabilities in Desktop web applications. It has been enhanced and is currently being tested in mobile versions of web applications. Preliminary results have indicated success in the mobile versions of web applications also. This approach will enable web developers find cross-site scripting vulnerabilities in the mobile versions of their web applications before their release.  


2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.


2015 ◽  
Vol 8 (30) ◽  
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  

2021 ◽  
Vol 3 (2) ◽  
pp. 149
Author(s):  
Ripto Mukti Wibowo ◽  
Aruji Sulaksono

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.


2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.


2005 ◽  
Vol 4 (2) ◽  
pp. 345-352 ◽  
Author(s):  
Jyoti Snehi ◽  
Dr. Renu Dhir

Websites rely completely on complex web applications to deliver content to all users according to set preferences and specific needs. In this manner organizations provide better value to their customers and prospects. Dynamic websites suffer from various vulnerabilities rendering organizations helpless and prone to cross site scripting attacks. Cross Site Scripting attacks are difficult to detect because they are executed as a background process. Cross Site Scripting is the most common web vulnerabilities in existence today which is most exploited issue .In this paper we have presented various approaches used by clients and Server to prevent XSS attacks


Sign in / Sign up

Export Citation Format

Share Document