An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications

Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulnerabilities in Web applications. They occur due to lack of proper verification of the user inputs, which enables hackers to inject and execute malicious scripts in the Hyper Text Markup Language (HTML)...

Full description

Saved in:
Bibliographic Details
Main Author: Hydara, Isatou
Format: Thesis
Language:English
Published: 2015
Online Access:http://psasir.upm.edu.my/id/eprint/57098/1/FSKTM%202015%205RR.pdf
http://psasir.upm.edu.my/id/eprint/57098/
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Putra Malaysia
Language: English
id my.upm.eprints.57098
record_format eprints
spelling my.upm.eprints.570982017-08-23T02:11:11Z http://psasir.upm.edu.my/id/eprint/57098/ An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications Hydara, Isatou Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulnerabilities in Web applications. They occur due to lack of proper verification of the user inputs, which enables hackers to inject and execute malicious scripts in the Hyper Text Markup Language (HTML) pages of an application. The presence of XSS vulnerabilities in applications source codes enables XSS attacks to take place. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulations. XSS vulnerabilities are easy to exploit but difficult to eliminate. Many solutions have been proposed for their mitigation, however, the problem still persists. Many web applications are vulnerable to XSS and are attacked frequently. Most of the previously proposed approaches focused on preventing and detecting XSS attacks during runtime, after vulnerable applications are already deployed. Few approaches have focused on removing the vulnerabilities from the source codes before deployment of the applications. The presence of XSS vulnerabilities in an application makes it easy to attack successfully during runtime. Also most of these approaches only focused on the detection of type I and II XSS but not on type III XSS, which is more difficult to eliminate. In this research, an approach has been proposed that explores the combination of genetic algorithms with static analysis, and a code replacement method to address the problem of XSS at the source code level. The objectives are to detect and remove XSS vulnerabilities from the source code before an application is deployed, thereby,preventing XSS attacks from taking place. The evaluation results are promising as the empirical validation has proven that the proposed approach has a higher precision of detecting XSS vulnerabilities than previously proposed solutions it is compared to. This approach is also able to remove the vulnerabilities detected in the tested web application source codes. Consequently, the objectives of the research were met and the expected results were achieved. This research work was limited to Java based web applications. In future research, the method can be extended to include other programming languages as well as other similar web application security vulnerabilities. 2015-05 Thesis NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/57098/1/FSKTM%202015%205RR.pdf Hydara, Isatou (2015) An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications. Masters thesis, Universiti Putra Malaysia.
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulnerabilities in Web applications. They occur due to lack of proper verification of the user inputs, which enables hackers to inject and execute malicious scripts in the Hyper Text Markup Language (HTML) pages of an application. The presence of XSS vulnerabilities in applications source codes enables XSS attacks to take place. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulations. XSS vulnerabilities are easy to exploit but difficult to eliminate. Many solutions have been proposed for their mitigation, however, the problem still persists. Many web applications are vulnerable to XSS and are attacked frequently. Most of the previously proposed approaches focused on preventing and detecting XSS attacks during runtime, after vulnerable applications are already deployed. Few approaches have focused on removing the vulnerabilities from the source codes before deployment of the applications. The presence of XSS vulnerabilities in an application makes it easy to attack successfully during runtime. Also most of these approaches only focused on the detection of type I and II XSS but not on type III XSS, which is more difficult to eliminate. In this research, an approach has been proposed that explores the combination of genetic algorithms with static analysis, and a code replacement method to address the problem of XSS at the source code level. The objectives are to detect and remove XSS vulnerabilities from the source code before an application is deployed, thereby,preventing XSS attacks from taking place. The evaluation results are promising as the empirical validation has proven that the proposed approach has a higher precision of detecting XSS vulnerabilities than previously proposed solutions it is compared to. This approach is also able to remove the vulnerabilities detected in the tested web application source codes. Consequently, the objectives of the research were met and the expected results were achieved. This research work was limited to Java based web applications. In future research, the method can be extended to include other programming languages as well as other similar web application security vulnerabilities.
format Thesis
author Hydara, Isatou
spellingShingle Hydara, Isatou
An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
author_facet Hydara, Isatou
author_sort Hydara, Isatou
title An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
title_short An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
title_full An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
title_fullStr An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
title_full_unstemmed An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
title_sort approach to improve detecting and removing cross- site scripting vulnerabilities in web applications
publishDate 2015
url http://psasir.upm.edu.my/id/eprint/57098/1/FSKTM%202015%205RR.pdf
http://psasir.upm.edu.my/id/eprint/57098/
_version_ 1643836384633421824