An approach to improve detecting and removing cross-site scripting vulnerabilities in web applications

Bibliographic Details
Main Author: Hydara, Isatou
Format: Thesis
Language: English
Published: 2015
Subjects: Web services - Computer networks - Web sites - Computer security - Security measures
Online Access: http://psasir.upm.edu.my/id/eprint/57098/1/FSKTM%202015%205RR.pdf
Description: Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulnerabilities in Web applications. They occur due to a lack of proper verification of user inputs, which enables attackers to inject and execute malicious scripts in the Hyper Text Markup Language (HTML) pages of an application. The presence of XSS vulnerabilities in application source code enables XSS attacks to take place. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulation. XSS vulnerabilities are easy to exploit but difficult to eliminate. Many solutions have been proposed for their mitigation; however, the problem still persists. Many web applications are vulnerable to XSS and are attacked frequently. Most of the previously proposed approaches focused on preventing and detecting XSS attacks during runtime, after vulnerable applications are already deployed. Few approaches have focused on removing the vulnerabilities from the source code before deployment of the applications. The presence of XSS vulnerabilities in an application makes it easy to attack successfully during runtime. Also, most of these approaches only focused on the detection of type I and type II XSS but not on type III XSS, which is more difficult to eliminate. In this research, an approach is proposed that explores the combination of genetic algorithms with static analysis and a code replacement method to address the problem of XSS at the source code level. The objectives are to detect and remove XSS vulnerabilities from the source code before an application is deployed, thereby preventing XSS attacks from taking place. The evaluation results are promising: the empirical validation showed that the proposed approach has a higher precision in detecting XSS vulnerabilities than the previously proposed solutions it is compared to. The approach is also able to remove the vulnerabilities detected in the tested web application source code. Consequently, the objectives of the research were met and the expected results were achieved. This research work was limited to Java-based web applications. In future research, the method can be extended to other programming languages as well as other similar web application security vulnerabilities.
Institution: Universiti Putra Malaysia
Citation: Hydara, Isatou (2015) An approach to improve detecting and removing cross-site scripting vulnerabilities in web applications. Masters thesis, Universiti Putra Malaysia.
Date: 2015-05
Peer review: Non peer reviewed
File format: application/pdf