Countering Cross-Site Scripting in Web-Based Applications

Web Based ◽

Application Security ◽

Dynamic Web ◽

Web Vulnerabilities ◽

Today's dynamic web-based applications have become a normal and critical asset to an organizations business. They come with an increase in the number of web vulnerabilities and attacks. These weaknesses allow hackers to focus their attention on attacking this important information source. The most common vulnerability is cross-site scripting (XSS) and one of the Open Web Application Security project (OWASP) top ten web-threats. XSS occurs when a Web-based application allows untrusted information be accepted and sent back to a browser. Also they can execute scripts within a browser that can deface web sites, redirect users to malicious content and hijack browsers. One reason for this problem was the lack of developers understanding the causes of XSS. In this paper, the authors address the causes of XSS and countermeasures to defense against these threats.

Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.15.21434 ◽

2018 ◽

Vol 7 (4.15) ◽

pp. 130

Author(s):

Emil Semastin ◽

Sami Azam ◽

Bharanidharan Shanmugam ◽

Krishnan Kannoorpatti ◽

Mirjam Jonokman ◽

...

Keyword(s):

Web Application ◽

Web Applications ◽

Operating Cycle ◽

Web Based ◽

Business World ◽

Application Security ◽

Server Side ◽

Combined Solution ◽

Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.

Cross Site Scripting Attacks in Web-Based Applications

Journal of Advances in Science and Engineering ◽

10.37121/jase.v1i2.19 ◽

2018 ◽

Vol 1 (2) ◽

pp. 25-35

Author(s):

Aliga Paul Aliga ◽

Adetokunbo MacGregor John-Otumu ◽

Rebecca E Imhanhahimi ◽

Atuegbelo Confidence Akpe

Keyword(s):

Web Application ◽

Web Applications ◽

Learning Ability ◽

Security Risk ◽

Web Based ◽

Architectural Framework ◽

Self Learning ◽

Cross Site ◽

The Web

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.

Analisis Keamanan Sistem Informasi Berbasis Website Dengan Metode Open Web Application Security Project (OWASP) Versi 4: Systematic Review

Computer Engineering Science and System Journal ◽

10.24114/cess.v5i2.17149 ◽

2020 ◽

Vol 5 (2) ◽

pp. 185

Author(s):

Anggi Elanda ◽

Robby Lintang Buana

Keyword(s):

Systematic Review ◽

Information System ◽

Web Application ◽

Web Server ◽

Security Level ◽

Web Based ◽

Non Profit ◽

Application Security

Abstract -- OWASP (Open Web Application Security Project) version 4 issued by a non-profit organization called owasp.org which is dedicated to the security of web-based applications. This systematic review is intended to review whether the Open Web Application Security Project (OWASP) method is widely used to detect security in a website-based Information System. In this systematic review, we review 3 literature from several publisher sources and make a comparison regarding OWASP version 4 results and the security level of a web server from the publisher's source.Keywords— OWASP, Website Vulnerability, Website Security Detection

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Indonesian Journal of Information Systems ◽

10.24002/ijis.v3i2.4192 ◽

2021 ◽

Vol 3 (2) ◽

pp. 149

Author(s):

Ripto Mukti Wibowo ◽

Aruji Sulaksono

Keyword(s):

Web Application ◽

Web Applications ◽

Cost Effective ◽

Internet Technology ◽

Cyber Attack ◽

Security Threat ◽

Application Security ◽

Case Examples ◽

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.2.4.107 ◽

2018 ◽

Vol 2 (4) ◽

pp. 286 ◽

Cited By ~ 1

Author(s):

Robinson ◽

Memen Akbar ◽

Muhammad Arif Fadhly Ridha

Keyword(s):

Web Application ◽

Web Applications ◽

Monitoring Network ◽

Sql Injection ◽

Ip Address ◽

Application Security ◽

Rule Set ◽

Security Rule ◽

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Web application security: Improving critical web-based applications quality through in-depth security analysis

International Conference on Information Society (i-Society 2011) ◽

10.1109/i-society18435.2011.5978496 ◽

2011 ◽

Cited By ~ 4

Author(s):

Nuno Teodoro ◽

Carlos Serrao

Keyword(s):

Web Application ◽

Security Analysis ◽

Web Based ◽

Application Security

Web Application Security: An Investigation on Static Analysis with other Algorithms to Detect Cross Site Scripting

Procedia Computer Science ◽

10.1016/j.procs.2019.11.230 ◽

2019 ◽

Vol 161 ◽

pp. 1173-1181 ◽

Cited By ~ 1

Author(s):

Abdalla Wasef Marashdih ◽

Zarul Fitri Zaaba ◽

Khaled Suwais ◽

Nur Azimah Mohd

Keyword(s):

Static Analysis ◽

Web Application ◽

Application Security ◽

Vulnerability Scanning Technology on Web Applications

International Journal for Research in Applied Science and Engineering Technology ◽

10.22214/ijraset.2021.35135 ◽

2021 ◽

Vol 9 (VI) ◽

pp. 991-995

Author(s):

Aarushi Dwivedi

Keyword(s):

Web Application ◽

Web Applications ◽

Daily Life ◽

Modern Society ◽

Security Level ◽

Security Vulnerabilities ◽

Application Security ◽

Vulnerability Scanner ◽

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Testing Software and Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-319-47443-4_5 ◽

2016 ◽

pp. 70-85 ◽

Cited By ~ 6

Author(s):

Dimitris E. Simos ◽

Kristoffer Kleine ◽

Laleh Shikh Gholamhossein Ghandehari ◽

Bernhard Garn ◽

Yu Lei

Keyword(s):

Web Application ◽

Combinatorial Approach ◽

Security Testing ◽

Application Security ◽