scholarly journals Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System

2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Bakare K. Ayeni ◽  
Junaidu B. Sahalu ◽  
Kolawole R. Adeyanju
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Fuzzy Inference ◽  
False Positive Rate ◽  
Data Access ◽  
Web Security ◽  
Web Application Security ◽  
Inference System ◽  
Positive Rate ◽  
Cross Site

With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.

scholarly journals Cross Site Scripting Attacks in Web-Based Applications

2018 ◽  
Vol 1 (2) ◽  
pp. 25-35
Author(s):  
Aliga Paul Aliga ◽  
Adetokunbo MacGregor John-Otumu ◽  
Rebecca E Imhanhahimi ◽  
Atuegbelo Confidence Akpe
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Learning Ability ◽  
Security Risk ◽  
Web Application Security ◽  
Web Based ◽  
Architectural Framework ◽  
Self Learning ◽  
Cross Site ◽  
The Web

Web-based applications has turn out to be very prevalent due to the ubiquity of web browsers to deliver service oriented application on-demand to diverse client over the Internet and cross site scripting (XSS) attack is a foremost security risk that has continuously ravage the web applications over the years. This paper critically examines the concept of XSS and some recent approaches for detecting and preventing XSS attacks in terms of architectural framework, algorithm used, solution location, and so on. The techniques were analysed and results showed that most of the available recognition and avoidance solutions to XSS attacks are more on the client end than the server end because of the peculiar nature of web application vulnerability and they also lack support for self-learning ability in order to detect new XSS attacks. Few researchers as cited in this paper inculcated the self-learning ability to detect and prevent XSS attacks in their design architecture using artificial neural networks and soft computing approach; a lot of improvement is still needed to effectively and efficiently handle the web application security menace as recommended.

scholarly journals Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

2021 ◽  
Vol 3 (2) ◽  
pp. 149
Author(s):  
Ripto Mukti Wibowo ◽  
Aruji Sulaksono
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Cost Effective ◽  
Internet Technology ◽  
Cyber Attack ◽  
Security Threat ◽  
Web Application Security ◽  
Application Security ◽  
Case Examples ◽  
Cross Site

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

scholarly journals SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Monitoring Network ◽  
Sql Injection ◽  
Web Application Security ◽  
Ip Address ◽  
Application Security ◽  
Rule Set ◽  
Security Rule ◽  
Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

Developing Security Enabled Applications for Web Commerce

2018 ◽  
pp. 384-396
Author(s):  
Kannan Balasubramanian
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Local Area Network ◽  
Local Area ◽  
Web Security ◽  
The Internet ◽  
Area Network ◽  
Web Application Security ◽  
Public Network ◽  
Internal Networks

As more and more applications find their way to the World Wide Web, security concerns have increased. Web applications are by nature somewhat public and therefore vulnerable to attack. Today it is the norm to visit Web sites where logins and passwords are required to navigate from one section of the site to another. This is much more so required in a Web application where data is being manipulated between secure internal networks and the Internet. Web applications, no matter what their functions are, should not exchange data over the Internet unless it is encrypted or at least digitally signed. Security should be extended to the private-public network borders to provide the same authentication, access control, and accounting services that local area network (LAN) based applications employ. The most widely used method of Web application security today is Private Key Infrastructure (PKI). Various examples of PKI implementations are examined.

scholarly journals An Overview Over the Open Source Resources for Web Applications Security

2017 ◽  
Vol 3 (1) ◽  
Author(s):  
Emerson Assis Carvalho ◽  
Fernanda Ramos de Carvalho ◽  
Lucyara Silva Ribeiro ◽  
Germano Estevam Simão Pereira ◽  
Túlio César Lopes Alves
Keyword(s):  
Open Source ◽  
Web Application ◽  
Web Applications ◽  
Web Security ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Complete Report

This work presents a web application security overview, presenting its main concepts and areas, the open source resources available, the most com- mon web security vulnerabilities and how to prevent them. We also have used some open source web application security scanners to test the security of a simple web application. We have used more than one scanner, aiming to have a complete report over the vulnerabilities and to make a comparison between them. We have used a web application previously developed without any concern about security. Our reports were on the vulnerabilities found and how much was easy or not to interpret and fix them.

scholarly journals Vulnerability Scanning Technology on Web Applications

2021 ◽  
Vol 9 (VI) ◽  
pp. 991-995
Author(s):  
Aarushi Dwivedi
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Daily Life ◽  
Modern Society ◽  
Security Level ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Application Security ◽  
Vulnerability Scanner ◽  
Cross Site

Modern society is far more dependent on web applications than the previous generations. Even though our dependence is increasing rapidly, the security level is far lower than required. To guarantee the security of the data system in the industry and our daily life, it is especially crucial to find out web application security vulnerabilities quickly and accurately. A vulnerability is a state of being unprotected from the prospect of an attack. It permits an attacker to gain a certain level of command of the site, and possibly the hosting server. One such vulnerability is the cross-site scripting vulnerability. In this exposition, a generic vulnerability scanner is proposed which can be customized to find any number of vulnerabilities. The scanner maps out the website and gives a report of all the vulnerabilities. For the purpose of evaluation, it has been customized to find XSS vulnerability in web applications.

Developing Security Enabled Applications for Web Commerce

2016 ◽  
pp. 161-173
Author(s):  
Kannan Balasubramanian
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Local Area Network ◽  
Local Area ◽  
Web Security ◽  
The Internet ◽  
Area Network ◽  
Web Application Security ◽  
Public Network ◽  
Internal Networks

As more and more applications find their way to the World Wide Web, security concerns have increased. Web applications are by nature somewhat public and therefore vulnerable to attack. Today it is the norm to visit Web sites where logins and passwords are required to navigate from one section of the site to another. This is much more so required in a Web application where data is being manipulated between secure internal networks and the Internet. Web applications, no matter what their functions are, should not exchange data over the Internet unless it is encrypted or at least digitally signed. Security should be extended to the private-public network borders to provide the same authentication, access control, and accounting services that local area network (LAN) based applications employ. The most widely used method of Web application security today is Private Key Infrastructure (PKI). Various examples of PKI implementations are examined.

scholarly journals Methodology of Security testing of IKID website and Security Vulnerabilities

2021 ◽  
Vol 6 (1) ◽  
pp. 83-90
Author(s):  
Mustofa Kamil
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Web Security ◽  
Security Testing ◽  
Security Vulnerabilities ◽  
Web Application Security ◽  
Systems Security ◽  
Network Application ◽  
The Right ◽  
Day By Day

Due to the large amount of data stored in web applications and the increasing number of transactions on the web, the right Web Application Security Testing is very important day by day and web application is an important in business life. By increasing complexity of web systems, Security testing has become a very necessary and important activity of the life cycle of developing web applications, web security testing consists of searching for information about the network, application and looking for holes and weakness.

scholarly journals Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

2018 ◽  
Vol 7 (4.15) ◽  
pp. 130
Author(s):  
Emil Semastin ◽  
Sami Azam ◽  
Bharanidharan Shanmugam ◽  
Krishnan Kannoorpatti ◽  
Mirjam Jonokman ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Operating Cycle ◽  
Web Application Security ◽  
Web Based ◽  
Business World ◽  
Application Security ◽  
Server Side ◽  
Combined Solution ◽  
Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.  

DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

2021 ◽  
Vol 1 ◽  
pp. 84-90
Author(s):  
Rustam Kh. Khamdamov ◽  
◽  
Komil F. Kerimov ◽  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Personal Information ◽  
Database Security ◽  
Security Threats ◽  
Web Application Security ◽  
Application Security ◽  
Client Request ◽  
Database Protection ◽  
Information Bank

Web applications are increasingly being used in activities such as reading news, paying bills, and shopping online. As these services grow, you can see an increase in the number and extent of attacks on them, such as: theft of personal information, bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. Client request data is usually retrieved by a set of requests that request the application user. If the data entered by the user is not scanned very carefully, you can collect a whole host of types of attacks that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, but only few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on Web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the overhead of performance is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that requests for SQL expressions received from the client will first be sent to the developed firewall, rather than to the database server itself. The firewall analyzes the request: requests that are considered strange are blocked by the firewall and an empty result is returned to the client.

Sign in / Sign up

Export Citation Format

Share Document