Auditing the defense against cross site scripting in web applications

Majority attacks to web applications today are mainly carried out through input manipulation in order to cause unintended actions of these applications. These attacks exploit the weaknesses of web applications in preventing the manipulation of inputs. Among these attacks, cross site scripting attack...

Bibliographic Details
Main Authors: SHAR, Lwin Khin, TAN, Hee Beng Kuan
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2010
Online Access: https://ink.library.smu.edu.sg/sis_research/4783
https://ink.library.smu.edu.sg/context/sis_research/article/5786/viewcontent/secrypt_2010.pdf
Institution: Singapore Management University
Record ID: sg-smu-ink.sis_research-5786
Record format: dspace
Description: Majority attacks to web applications today are mainly carried out through input manipulation in order to cause unintended actions of these applications. These attacks exploit the weaknesses of web applications in preventing the manipulation of inputs. Among these attacks, cross site scripting attack -- malicious input is submitted to perform unintended actions on a HTML response page -- is a common type of attacks. This paper proposes an approach for thorough auditing of code to defend against cross site scripting attack. Based on the possible methods of implementing defenses against cross site scripting attack, the approach extracts all such defenses implemented in code so that developers, testers or auditors could check the extracted output to examine its adequacy. We have also evaluated the feasibility and effectiveness of the proposed approach by applying it to audit a set of real-world applications.
Subjects: Cross Site Scripting; Static Analysis; Code Auditing; Input Validation and Filtering; Software Engineering
Date: 2010-07-01T07:00:00Z
File format: application/pdf
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: InK@SMU, Research Collection School Of Computing and Information Systems
Content provider: SMU Libraries
Building: SMU Libraries
Country: Singapore
Continent: Asia