Towards Cross-site Scripting Vulnerability Detection in Mobile Web Applications

2018 ◽  
Vol 7 (4.1) ◽  
pp. 18
Author(s):  
Isatou Hydara ◽  
Abu Bakar Md Sultan ◽  
Hazura Zulzalil ◽  
Novia Admodisastro

Cross-site scripting vulnerabilities have been among the top ten security vulnerabilities affecting web applications for the past decade, and more recently the mobile versions of web applications as well. They can cause serious problems for web users, such as loss of personal information (including financial and health information) to web attackers, denial of service attacks, and exposure to malware and viruses. Most of the proposed solutions focus only on the desktop versions of web applications and overlook the mobile versions. The increasing use of mobile phones to access web applications increases the threat of cross-site scripting attacks on mobile phones. This paper presents work in progress on detecting cross-site scripting vulnerabilities in mobile versions of web applications. It proposes an enhanced genetic algorithm-based approach that detects cross-site scripting vulnerabilities in mobile versions of web applications. This approach was used in our previous work, where it successfully detected the said vulnerabilities in desktop web applications. It has since been enhanced and is currently being tested on mobile versions of web applications. Preliminary results indicate success in the mobile versions of web applications as well. This approach will enable web developers to find cross-site scripting vulnerabilities in the mobile versions of their web applications before release.  

Author(s):  
Almudena Alcaide Raya ◽  
Jorge Blasco Alis ◽  
Eduardo Galán Herrero ◽  
Agustín Orfila Diaz-Pabón

Like any other computer program, Web applications are susceptible to containing vulnerabilities that may not only disrupt the provided service, but also leak private and personal information to an attacker. As these applications are usually public or even publicized, attacks are expected to become more and more frequent, making it necessary to supply the means to provide an adequate level of security in the use of Web applications.


2013 ◽  
Vol 347-350 ◽  
pp. 3715-3720
Author(s):  
Bei Hai Liang ◽  
Bin Bin Qu ◽  
Sheng Jiang ◽  
Chu Tian Ye

At present, Cross Site Scripting (XSS) vulnerabilities exist in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web requests. This paper explores a vulnerability detection method based on taint dependence analysis and implements a prototype system for Java Web programs. We treat all user input as tainted data, track its flow through the Web application, and then judge whether it will trigger an attack or not. The taint dependence analysis algorithm described in this paper is used to construct the taint dependency graph. Next, the value representation method for tainted string objects based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experimental results show that the prototype system can detect reflected cross-site scripting vulnerabilities well in programs that don't have effective treatment of user input data.


Author(s):  
Douglas Kunda ◽  
Mumbi Chishimba ◽  
Mwenge Mulenga ◽  
Victoria Chama

The paper focuses on security and performance concerns in mobile web development. The approach used in the study involved surveying journal publications to identify security and performance concerns. The paper highlights some of the contemporary issues currently being faced by application developers as they create, update and maintain mobile web applications, including Cross-Site Scripting, cookie hijacking/theft, location hijacking, history theft, behaviour analysis, session hijacking, API design, security, and the type of web server used.


2020 ◽  
Vol 10 (24) ◽  
pp. 9119
Author(s):  
Francesc Mateo Tudela ◽  
Juan-Ramón Bermejo Higuera ◽  
Javier Bermejo Higuera ◽  
Juan-Antonio Sicilia Montalvo ◽  
Michael I. Argyros

The design of the techniques and algorithms used by static, dynamic and interactive security testing tools differs. Therefore, each tool detects, to a greater or lesser extent, each type of vulnerability for which it is designed. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies between different types of analysis tools, this paper combines several static, dynamic and interactive analysis security testing tools: static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools are combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities, taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discusses the values of the selected metrics applied to the results for each n-tool combination.


Author(s):  
Isatou Hydara et al.

Web applications have become very important tools in our daily activities, as we use them to share and obtain information, conduct business, and interact with family and friends on social media through the Internet. Despite their importance, web applications are plagued with many security vulnerabilities that enable hackers to attack them and compromise user information and privacy. Cross-site scripting vulnerabilities are a type of injection vulnerability found in web applications. They can lead to attacks on web applications due to the lack of proper validation of input data in the affected web pages of an application. Many approaches and techniques have been proposed to mitigate this type of vulnerability. However, these solutions have some limitations, and cross-site scripting vulnerabilities still remain a major security problem for web applications. This paper explores and presents the existing techniques for detecting and removing cross-site scripting vulnerabilities in web applications. It gives an overview of cross-site scripting as a security issue in web applications and its different types. The advantages as well as the limitations of each technique are highlighted and discussed. Based on the limitations, some possible future research directions are identified, and recommendations are given as a reference for researchers interested in this topic.


Author(s):  
Aarushi Dwivedi

Modern society is far more dependent on web applications than previous generations were. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of data systems in industry and in our daily life, it is especially crucial to find web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of control of the site, and possibly of the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities found. For the purpose of evaluation, it has been customized to find XSS vulnerabilities in web applications.


2019 ◽  
Vol 2019 ◽  
pp. 1-19 ◽  
Author(s):  
Inmaculada Ayala ◽  
Mercedes Amor ◽  
Lidia Fuentes

Currently, mobile devices are the most popular pervasive computing devices, and they are becoming the primary way of accessing the Internet. Battery is a critical resource in such personal computing gadgets, with network communication being one of the primary energy-consuming activities in any mobile app. Indeed, as web-based communication is the most used, explicitly or implicitly, by mobile devices, HTTP-based traffic is the most power-demanding. So, mobile web developers should be aware of how much energy the different web-based communication alternatives demand. The goal of this paper is to measure and compare the energy consumption of three asynchronous HTTP-based methods on mobile devices in different browsers. Our experiments focus on three HTTP-based asynchronous communication models that allow a web server to push data to a client browser through an HTTP/1.1 interaction: Polling, Long Polling, and WebSockets. The resulting measurements are then analysed to get a more accurate understanding of the impact of the selected method, and of the mobile browser, on the energy consumption of asynchronous HTTP-based communication. The utility of these experiments is to show developers which factors and settings most influence energy consumption when different web-based asynchronous communication methods are used, helping them to choose the most beneficial solution where possible. With this information, mobile web developers should be able to reduce the power consumption of the front-end of web applications for mobile devices just by selecting and configuring the best asynchronous method or mobile browser, improving the performance of HTTP-based communication in terms of energy demand.


Author(s):  
Amit Sharma

Distributed Denial of Service attacks are significant threats today to web applications and web services. These attacks are moving towards the application layer in order to acquire and waste the maximum number of CPU cycles. By requesting resources from web services in huge volumes using rapid-fire requests, an attacker's automated programs consume all the processing capacity of a single-server application or a distributed-environment application. The phases of the scheme's execution are user behaviour monitoring and detection. In the first phase, by collecting data on user behaviour, an individual user's trust score is computed and the entropy of the same user is calculated. HTTP Unbearable Load King (HULK) attacks are also evaluated. Building on the first phase, in the detection phase, variation in entropy is observed and malicious users are identified. A rate limiter is additionally introduced to stop or scale down serving the malicious users. This paper introduces the FAÇADE layer for detecting and blocking unauthorized users from attacking the system.


2013 ◽  
Vol 4 (1) ◽  
pp. 1-4
Author(s):  
Redhwan Ahmed Al-Naggar ◽  
Yuri V Bobryshev

The worldwide use of cell phones has rapidly increased over the past decades. With the increasing use of mobile phones, concern has been raised about the possible carcinogenic effects of exposure to radiofrequency electromagnetic fields. The objective of this study was to explore the perceptions and opinions towards brain cancer related to cell phone use among university students in Malaysia. The study revealed that the majority of the study participants believe that there is no relationship between brain cancer and hand phone use.

DOI: http://dx.doi.org/10.3126/ajms.v4i1.7808 Asian Journal of Medical Sciences 4(2013) 1-4

