A hybrid of CNN and LSTM methods for securing web application against cross-site scripting attack

Author(s):  
Raed Waheed Kadhim ◽  
Methaq Talib Gaata

Cross-site scripting (XSS) is today one of the biggest threats that could target a Web application. Based on a study published by the Open Web Application Security Project (OWASP), the XSS vulnerability has been present among the TOP 10 Web application vulnerabilities. Still, an important security-related issue remains: how to effectively protect web applications from XSS attacks. In the first part of this paper, a method for detecting XSS attacks was proposed by combining a convolutional neural network (CNN) with long short-term memory (LSTM). Initially, pre-processing was applied to the XSS data set by decoding, generalization and tokenization, and then word2vec was applied to convert the words in XSS payloads into word vectors. We then use the combination of CNN with LSTM to train and test on the word vectors to produce a model that can be used in a web application. Based on the obtained results, it is observed that the proposed model achieved an excellent result with an accuracy of 99.4%.

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe

Web-based applications have turned out to be very prevalent due to the ubiquity of web browsers to deliver service-oriented applications on demand to diverse clients over the Internet, and cross-site scripting (XSS) attack is a foremost security risk that has continuously ravaged web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and the results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability, and they also lack support for a self-learning ability in order to detect new XSS attacks. Few researchers, as cited in this paper, inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approaches; a lot of improvement is still needed to effectively and efficiently handle the web application security menace, as recommended.


Organizational web servers reflect the public image of an organization and serve web pages/information to organizational clients via web browsers using the HTTP protocol. Some of the web server software may contain web applications that enable users to perform high-level tasks, such as querying a database and delivering the output through the web server to the client browser as an HTML file. Hackers always try to exploit the different vulnerabilities or flaws existing in web servers and web applications, which can pose a big threat to an organization. This chapter presents the importance of protecting web servers and applications along with the different tools used for analyzing the security of web servers and web applications. The chapter also introduces different web attacks that are carried out by an attacker either to gain illegal access to the web server data or to reduce the availability of web services. The web server attacks include denial of service (DoS) attacks, buffer overflow exploits, website defacement with SQL injection (SQLi) attacks, cross-site scripting (XSS) attacks, remote file inclusion (RFI) attacks, directory traversal attacks, phishing attacks, brute force attacks, source code disclosure attacks, session hijacking, parameter form tampering, man-in-the-middle (MITM) attacks, HTTP response splitting attacks, cross-site request forgery (XSRF), lightweight directory access protocol (LDAP) attacks, and hidden field manipulation attacks. The chapter explains different web server and web application testing tools and vulnerability scanners including Nikto, Burp Suite, Paros, IBM AppScan, Fortify, Acunetix, and ZAP. Finally, the chapter also discusses countermeasures to be implemented while designing any web application for any organization in order to reduce the risk.


2021 ◽  
Vol 17 (2) ◽  
pp. 58-65
Author(s):  
Iman Khazal ◽  
Mohammed Hussain

Cross-Site Scripting (XSS) is one of the most common and dangerous attacks. The user is the target of an XSS attack, but the attacker gains access to the user by exploiting an XSS vulnerability in a web application as a bridge. There are three types of XSS attacks: Reflected, Stored, and DOM-based. This paper focuses on the Stored-XSS attack, which is the most dangerous of the three. In Stored-XSS, the attacker injects a malicious script into the web application and saves it in the website repository. The method proposed in this paper detects and prevents Stored-XSS. The Prevent Stored-XSS Server (PSS) was proposed as a server to test and sanitize the input to web applications before saving it in the database. Any user input must be checked to see if it contains a malicious script, and if so, the input must be sanitized and the sanitized version saved in the database instead of the harmful input. The PSS is tested using a vulnerable open-source web application and succeeds in detection by identifying the harmful script within the input and in preventing the attack by sanitizing the input, with an average time of 0.3 seconds.


2016 ◽  
Vol 1 (2) ◽  
pp. 46-62
Author(s):  
Taufik Ramadan Firdaus

Currently, the Internet has become one of the media that cannot be separated from daily life, along with the wide variety of applications it supplies. As technology develops, reliance on web applications also increases. However, web applications face a wide range of threats, one of which is CSRF (Cross-Site Request Forgery). This study uses CSRF Protection. CSRF Protection is a treatment method that can be implemented in a variety of ways, one of which uses a token in the session when the user logs in. The token generated at login is used as a user identifier by which the web application system identifies where a request originated. The results of this study are expected to increase web application defences against CSRF, so that web application users will be able to feel safe in using the Internet and its various features, the level of attacks on web applications is reduced, and visitor traffic on the web application can be increased.


2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Fang Zhao ◽  
Ziyi Liang ◽  
Qiyan Zhang ◽  
Dewen Seng ◽  
Xiyuan Chen

Accurate monitoring of air quality can no longer meet people’s needs. People hope to predict air quality in advance and make timely warnings and defenses to minimize the threat to life. This paper proposes a new air quality spatiotemporal prediction model to predict future air quality, based on a large amount of environmental data and a long short-term memory (LSTM) neural network. In order to capture the spatial and temporal characteristics of the pollutant concentration data, the data of the five sites with the highest correlation of time-series concentration of PM2.5 (particles with aerodynamic diameter ≤2.5 mm) with the experimental site were first extracted, and the weather data and other pollutant data at the same time were merged in the next step, extracting advanced spatiotemporal features through long short-term memory neural networks. The model presented in this paper was compared with other baseline models on the hourly PM2.5 concentration data set collected at 35 air quality monitoring sites in Beijing from January 1, 2016, to December 31, 2017. The experimental results show that the performance of the proposed model is better than that of the other baseline models.


2020 ◽  
Vol 8 (6) ◽  
pp. 2314-2321

The world relies heavily on the Internet, and every organization uses web applications extensively for information sharing, business purposes such as online sales, money transfer, etc., and exchange services. Nowadays, providing security for web applications is the greatest challenge in the corporate world, because web applications are the main way of doing daily business, and if the web application is affected, then daily business and reputation will be affected. Many organizations have been using web application services to share or store sensitive information about their clients and assets. So, web applications are inclined to security attacks; new security vulnerabilities have grown in web applications in the last two decades and have become an important target for attackers. So, it is very vital to secure a web application. The vulnerabilities in web applications arise due to security misconfigurations, programming mistakes, improper usage of security measures, etc. So, vulnerability assessment and pen testing will help to figure out the different vulnerabilities present in web applications. Websites are also used to deliver critical services to customers, so they must run at all times without any interruption, and VAPT plays a crucial role in achieving this. This paper reviews vulnerability assessment and pen testing steps and types, and website vulnerabilities such as SQL injection, cross-site scripting, file inclusion, cross-site request forgery, and broken authentication, with their types and remediations, and also discusses the effect of these vulnerabilities on a web application.


2018 ◽  
Vol 48 (3) ◽  
pp. 84-90 ◽  
Author(s):  
E. A. Lapchenko ◽  
S. P. Isakova ◽  
T. N. Bobrova ◽  
L. A. Kolpakova

It is shown that the application of Internet technologies is relevant in the selection of crop production technologies and the formation of a rational composition of the machine-and-tractor fleet, taking into account the conditions and production resources of a particular agricultural enterprise. The work gives a short description of the web applications “ExactFarming”, “Agrivi” and “AgCommand”, which provide a possibility to select technologies and technical means of soil treatment, and of their functions. “ExactFarming” allows collecting and storing information about temperature, precipitation and weather forecasts in certain areas, keeping records of information about crops and making technological maps using expert templates. “Agrivi” allows storing and providing access to weather information in the fields with certain crops. It has algorithms to detect and give warnings about risks related to diseases and pests, and also provides economic calculations of crop profitability and crop planning. “AgCommand” allows tracking the position of machinery and equipment in the fields and provides data on the weather situation in order to plan the use of agricultural machinery in the fields. The web applications presented above do not show the relation between the technologies applied and the agro-climatic features of the zone where the farm is located. They do not take into account the phytosanitary conditions of the previous years, or the relief and contour of the fields, while drawing up technological maps or selecting the machine-and-tractor fleet. The Siberian Physical-Technical Institute of Agrarian Problems of the Siberian Federal Scientific Center of AgroBioTechnologies of the Russian Academy of Sciences developed a software complex, PIKAT, for supporting machine agrotechnologies for the production of spring wheat grain at an agricultural enterprise, on the basis of which there is a plan to develop a web application that will consider all the main factors limiting the yield of cultivated crops.


2021 ◽  
Vol 13 (2) ◽  
pp. 50
Author(s):  
Hamed Z. Jahromi ◽  
Declan Delaney ◽  
Andrew Hines

Content is a key influencing factor in Web Quality of Experience (QoE) estimation. A web user’s satisfaction can be influenced by how long it takes to render and visualize the visible parts of the web page in the browser. This is referred to as the Above-the-fold (ATF) time. SpeedIndex (SI) has been widely used to estimate the perceived web page loading speed of ATF content and as a proxy metric for Web QoE estimation. Web application developers have been actively introducing innovative interactive features, such as animated and multimedia content, aiming to capture users’ attention and improve the functionality and utility of web applications. However, the literature shows that, for websites with animated content, the ATF time estimated using state-of-the-art metrics may not accurately match the completed ATF time as perceived by users. This study introduces a new metric, Plausibly Complete Time (PCT), that estimates ATF time for a user’s perception of websites with and without animations. PCT can be integrated with SI and web QoE models. The accuracy of the proposed metric is evaluated on two publicly available datasets. The proposed metric holds a high positive Spearman’s correlation (rs=0.89) with the Perceived ATF reported by users for websites with and without animated content. This study demonstrates that using PCT as a KPI in QoE estimation models can improve the robustness of QoE estimation in comparison to using the state-of-the-art ATF time metric. Furthermore, experimental results showed that estimating SI using PCT improves the robustness of SI for websites with animated content. The PCT estimation allows web application designers to identify where poor design has significantly increased ATF time and to refactor their implementation before it impacts the end-user experience.


2021 ◽  
pp. 1-10
Author(s):  
Hye-Jeong Song ◽  
Tak-Sung Heo ◽  
Jong-Dae Kim ◽  
Chan-Young Park ◽  
Yu-Seop Kim

Sentence similarity evaluation is a significant task used in machine translation, classification, and information extraction in the field of natural language processing. When two sentences are given, an accurate judgment should be made as to whether the meaning of the sentences is equivalent even if the words and contexts of the sentences are different. To this end, existing studies have measured the similarity of sentences by focusing on the analysis of words, morphemes, and letters. To measure sentence similarity, this study uses Sent2Vec, a sentence embedding, as well as morpheme word embedding. Vectors representing words are input to a 1-dimensional convolutional neural network (1D-CNN) with various kernel sizes and a bidirectional long short-term memory (Bi-LSTM). Self-attention is applied to the features transformed through the Bi-LSTM. Subsequently, the vectors produced by the 1D-CNN and by self-attention are converted through global max pooling and global average pooling, respectively, to extract specific values. The vectors generated through the above process are concatenated with the vector generated through Sent2Vec and represented as a single vector. The vector is input to a softmax layer, and finally the similarity between the two sentences is determined. The proposed model improves accuracy by up to 5.42 percentage points compared with the conventional sentence similarity estimation models.


i-com ◽  
2008 ◽  
Vol 6 (3/2007) ◽  
pp. 23-29 ◽  
Author(s):  
Birgit Bomsdorf

Task modelling has entered the development process of web applications, strengthening the usage-centred view within the early steps of Web Engineering (WE). In current approaches, however, this view is not kept up during subsequent activities to the same degree as is the case in the field of Human-Computer Interaction (HCI). The modelling approach presented in this contribution combines models known from WE with models used in HCI to change this situation. Basically, the WE-HCI integration is supported by combining task and object models as known from HCI with conceptual modelling as known from WE. In this paper, the main focus is on the WebTaskModel, a task model adapted to web application concerns, and its contribution towards a task-related web user interface. The main difference from existing task models is the build-time and run-time usage of a generic task lifecycle. Hereby the description of exceptions and erroneous situations during task performance (caused by, e.g., the stateless protocol or browser interaction) is enabled and at the same time clearly separated from the flow of correct action.

