Citation
Hydara, Isatou (2024). Enhancing XSS vulnerability detection and removal in web applications using genetic algorithms. Doctoral thesis, Universiti Putra Malaysia.
Abstract
Cross-site scripting (XSS) vulnerabilities are a major security threat for both desktop and mobile web applications. They occur because user input is not properly verified, which lets attackers inject malicious scripts into an application's web pages and have them executed in other users' browsers. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulation. Current approaches to this problem are limited by the large number of false positives in their analysis results, their failure to cover all types of XSS, their lack of focus on removing XSS vulnerabilities, and their exclusion of mobile web applications.
Static analysis techniques are good at detecting XSS vulnerabilities in the source code of web applications, especially when combined with other techniques. However, because they are conservative, they tend to generate many false positives. A further limitation is the limited focus, or lack of focus, on removing XSS vulnerabilities once they have been detected in the source code. Consequently, an approach called XSS-DETREM has been proposed, with the objectives of combining genetic algorithms with static analysis to detect XSS vulnerabilities and applying a code replacement technique to remove them, thereby addressing the problem of XSS at the source code level. The research used a quantitative research methodology and a randomised complete block design for the experiments, in which the new improvements were implemented in a software tool.
XSS-DETREM has been evaluated empirically using a data set of JSP and Android web applications that have been used in previous studies. Comparison of the evaluation results shows improvements in the detection and removal of XSS vulnerabilities in desktop and mobile web applications. These improvements focus on reducing the rate of false positives generated by static analysis and on increasing vulnerability coverage for all types of XSS on both the server side and the client side. Consequently, the objectives of the research have been met and the expected results were achieved. This new improved approach is significant in helping web application developers test their applications for all types of XSS and remove any detected vulnerabilities before releasing them to the public. Also, as more users browse the Internet through mobile applications, this approach will help protect their private data and make browsing safer for them on both desktop and mobile web applications.
Additional Metadata
Item Type: Thesis (Doctoral)
Subject: Computer security
Subject: Web applications - Security measures
Subject: Software - Testing
Call Number: FSKTM 2024 7
Chairman Supervisor: Professor Abu Bakar bin Md Sultan, PhD
Divisions: Faculty of Computer Science and Information Technology
Keywords: cross-site scripting attack; cross-site scripting vulnerability; software security; XSS vulnerability detection
Depositing User: Ms. Rohana Alias
Date Deposited: 09 Oct 2025 07:58
Last Modified: 09 Oct 2025 07:58
URI: http://psasir.upm.edu.my/id/eprint/119949