UPM Institutional Repository

Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines


Citation

Hydara, Isatou and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia Indriaty (2015) Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines. Indian Journal of Science and Technology, 8 (30). pp. 1-5. ISSN 0974-6846; ESSN: 0974-5645

Abstract

Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to eliminate. Most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications source codes. In this paper, we propose an approach to remove cross-site scripting vulnerabilities from the source code before an application is deployed. We make use of the OWASP cross-site scripting prevention rules as guideline in our approach. The proposed approach is, so far, only implemented and validated on Java-based Web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluation results have indicated promising results.


Download File

[img]
Preview
Text (Abstract)
Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines.pdf

Download (38kB) | Preview

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.17485/ijst/2015/v8i30/87182
Publisher: Indian Society for Education and Environment
Keywords: Cross-site scripting; Software security; Vulnerability removal
Depositing User: Ms. Nida Hidayati Ghazali
Date Deposited: 15 Dec 2017 09:57
Last Modified: 29 Nov 2019 02:57
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.17485/ijst/2015/v8i30/87182
URI: http://psasir.upm.edu.my/id/eprint/55151
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item