UPM Institutional Repository

An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications


Hydara, Isatou (2015) An approach to improve detecting and removing cross- site scripting vulnerabilities in web applications. Masters thesis, Universiti Putra Malaysia.


Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulnerabilities in Web applications. They occur due to lack of proper verification of the user inputs, which enables hackers to inject and execute malicious scripts in the Hyper Text Markup Language (HTML) pages of an application. The presence of XSS vulnerabilities in applications source codes enables XSS attacks to take place. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulations. XSS vulnerabilities are easy to exploit but difficult to eliminate. Many solutions have been proposed for their mitigation, however, the problem still persists. Many web applications are vulnerable to XSS and are attacked frequently. Most of the previously proposed approaches focused on preventing and detecting XSS attacks during runtime, after vulnerable applications are already deployed. Few approaches have focused on removing the vulnerabilities from the source codes before deployment of the applications. The presence of XSS vulnerabilities in an application makes it easy to attack successfully during runtime. Also most of these approaches only focused on the detection of type I and II XSS but not on type III XSS, which is more difficult to eliminate. In this research, an approach has been proposed that explores the combination of genetic algorithms with static analysis, and a code replacement method to address the problem of XSS at the source code level. The objectives are to detect and remove XSS vulnerabilities from the source code before an application is deployed, thereby,preventing XSS attacks from taking place. The evaluation results are promising as the empirical validation has proven that the proposed approach has a higher precision of detecting XSS vulnerabilities than previously proposed solutions it is compared to. This approach is also able to remove the vulnerabilities detected in the tested web application source codes. Consequently, the objectives of the research were met and the expected results were achieved. This research work was limited to Java based web applications. In future research, the method can be extended to include other programming languages as well as other similar web application security vulnerabilities.

Download File

FSKTM 2015 5RR.pdf

Download (1MB) | Preview

Additional Metadata

Item Type: Thesis (Masters)
Subject: Web services - Computer networks - Web sites - Computer security
Subject: Security measures
Call Number: FSKTM 2015 5
Chairman Supervisor: Abu Bakar Md Sultan, PhD
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Haridan Mohd Jais
Date Deposited: 23 Aug 2017 02:11
Last Modified: 23 Aug 2017 02:11
URI: http://psasir.upm.edu.my/id/eprint/57098
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item