Circe: A grammar-based oracle for testing Cross-site scripting in web applications

2013 ◽  
Author(s):  
Andrea Avancini ◽  
Mariano Ceccato
Keyword(s):  
Web Applications ◽  
Cross Site

Cross-Site Scripting

2011 ◽  
pp. 61-75 ◽  
Author(s):  
Almudena Alcaide Raya ◽  
Jorge Blasco Alis ◽  
Eduardo Galán Herrero ◽  
Agustín Orfila Diaz-Pabón
Keyword(s):  
Computer Program ◽  
Web Applications ◽  
Personal Information ◽  
Adequate Level ◽  
Cross Site

As any other computer program, Web applications are susceptible of including vulnerabilities that may not only disrupt the provided service, but also facilitate private and personal information to an attacker. As these applications are usually public or even publicized, attacks are expected to be more and more frequent, making it necessary to supply the means to provide an adequate level of security in the utilization of Web applications.

scholarly journals Towards Cross-site Scripting Vulnerability Detection in Mobile Web Applications

2018 ◽  
Vol 7 (4.1) ◽  
pp. 18
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  
Mobile Phones ◽  
Web Applications ◽  
Personal Information ◽  
Denial Of Service ◽  
Vulnerability Detection ◽  
Security Vulnerabilities ◽  
Mobile Web ◽  
The Past ◽  
Web Developers ◽  
Cross Site

Cross-site scripting vulnerabilities are among the top ten security vulnerabilities affecting web applications for the past decade and mobile version web applications more recently. They can cause serious problems for web users such as loss of personal information to web attackers, including financial and health information, denial of service attacks, and exposure to malware and viruses. Most of the proposed solutions focused only on the Desktop versions of web applications and overlooked the mobile versions. Increasing use of mobile phones to access web applications increases the threat of cross-site scripting attacks on mobile phones. This paper presents work in progress on detecting cross-site scripting vulnerabilities in mobile versions of web applications. It proposes an enhanced genetic algorithm-based approach that detects cross-site scripting vulnerabilities in mobile versions of web applications. This approach has been used in our previous work and successfully detected the said vulnerabilities in Desktop web applications. It has been enhanced and is currently being tested in mobile versions of web applications. Preliminary results have indicated success in the mobile versions of web applications also. This approach will enable web developers find cross-site scripting vulnerabilities in the mobile versions of their web applications before their release.  

scholarly journals Cross Site Scripting Attacks in Web-Based Applications

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Learning Ability ◽  
Security Risk ◽  
Web Application Security ◽  
Web Based ◽  
Architectural Framework ◽  
Self Learning ◽  
Cross Site ◽  
The Web

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.

scholarly journals Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines

2015 ◽  
Vol 8 (30) ◽  
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro
Keyword(s):  
Web Applications ◽  
Cross Site

scholarly journals Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

2021 ◽  
Vol 3 (2) ◽  
pp. 149
Author(s):  
Ripto Mukti Wibowo ◽  
Aruji Sulaksono
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Cost Effective ◽  
Internet Technology ◽  
Cyber Attack ◽  
Security Threat ◽  
Web Application Security ◽  
Application Security ◽  
Case Examples ◽  
Cross Site

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

scholarly journals SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Monitoring Network ◽  
Sql Injection ◽  
Web Application Security ◽  
Ip Address ◽  
Application Security ◽  
Rule Set ◽  
Security Rule ◽  
Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Web Client and Web Server approaches to Prevent XSS Attacks

2005 ◽  
Vol 4 (2) ◽  
pp. 345-352 ◽  
Author(s):  
Jyoti Snehi ◽  
Dr. Renu Dhir
Keyword(s):  
Web Applications ◽  
Web Server ◽  
Background Process ◽  
Web Vulnerabilities ◽  
Cross Site

Websites rely completely on complex web applications to deliver content to all users according to set preferences and specific needs. In this manner organizations provide better value to their customers and prospects. Dynamic websites suffer from various vulnerabilities rendering organizations helpless and prone to cross site scripting attacks. Cross Site Scripting attacks are difficult to detect because they are executed as a background process. Cross Site Scripting is the most common web vulnerabilities in existence today which is most exploited issue .In this paper we have presented various approaches used by clients and Server to prevent XSS attacks

Sign in / Sign up

Export Citation Format

Share Document