Authors : Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil and Novia Admodisastro
Abstract: Cross-site scripting vulnerabilities are among the most common of security vulnerabilities found in web applications and more recently in mobile versions of web applications. They have caused many successful attacks on web applications on a daily basis including loss of financial and health information, exposure to malware and viruses and denial of service attacks. Cross-site scripting vulnerabilities are easy to exploit but difficult to mitigate. Most of the existing solutions to cross-site scripting vulnerabilities focus only on the desktop version of web application and there is hardly any focus on the mobile versions. Also, most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications source codes. In this study, we present our research in progress on the removal of detected cross-site scripting vulnerabilities in mobile versions of web applications. We have proposed an approach in a previous research to detect and remove cross-site scripting vulnerabilities in desktop web applications. We have enhanced that approach and are currently testing it for the removal of cross-site scripting vulnerabilities in mobile versions of web applications. Initial evaluations have indicated promising results. We believe this approach can help web application developers to eliminate cross-site scripting vulnerabilities in not only their desktop web applications but also in the mobile version ones.
Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil and Novia Admodisastro, 2018. Towards Removing Cross-Site Scripting Vulnerabilities from Mobile Web Applications. Journal of Engineering and Applied Sciences, 13: 6616-6621.