Journal of Engineering and Applied Sciences

Year: 2018
Volume: 13
Issue: 16
Page No. 6616 - 6621

Towards Removing Cross-Site Scripting Vulnerabilities from Mobile Web Applications

Authors: Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil and Novia Admodisastro

References

Acker, S.V., N. Nikiforakis, L. Desmet, W. Joosen and F. Piessens, 2012. FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications. Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, ACM, Seoul, Korea, ISBN:978-1-4503-1648-4, pp: 12-13.

Agosta, G., A. Barenghi, A. Parata and G. Pelosi, 2012. Automated security analysis of dynamic web applications through symbolic code execution. Proceedings of the 9th International Conference on Information Technology New Generations (ITNG’12), April 16-18, 2012, IEEE, Las Vegas, Nevada, ISBN:978-1-4673-0798-7, pp: 189-194.

Anonymous, 2014. Mobile top 10 2014-m7. OWASP, Maryland, USA. https://www.owasp.org/index.php/Mobile_Top_10_2014-M7

Anonymous, 2015. OWASP Java HTML sanitizer project. OWASP, Maryland, USA. https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project

Anonymous, 2016. Category: OWASP enterprise security API. OWASP, Maryland, USA. https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Anonymous, 2016. Cross-Site Scripting (XSS). OWASP, Maryland, USA. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Anonymous, 2016. OWASP modsecurity Core Rule Set (CRS). OWASP, Maryland, USA. https://modsecurity.org/crs/

Anonymous, 2017. CWE-79: Improper neutralization of input during web page generation (Cross-site Scripting). Continental Wrestling Entertainment, Jalandhar district, India. http://cwe.mitre.org/data/definitions/79.html

Anonymous, 2017. DOM based XSS prevention cheat sheet. OWASP, Maryland, USA. https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

Bathia, P., B.R. Beerelli and M.A. Laverdiere, 2011. Assisting programmers resolving vulnerabilities in Java web applications. Proceedings of the 1st International Conference on Computer Science and Information Technology (CCSIT’11), January 2-4, 2011, Springer, Bangalore, India, ISBN:978-3-642-17880-1, pp: 268-279.

Chen, Y.L., H.M. Lee, A.B. Jeng and T.E. Wei, 2015. Droidcia: A novel detection method of code injection attacks on html5-based mobile apps. Proceedings of the 2015 IEEE International Conference on Trustcom/BigDataSE/ISPA Vol. 1, August 20-22, 2015, IEEE, Helsinki, Finland, ISBN:978-1-4673-7951-9, pp: 1014-1021.

Dong, G., Y. Zhang, X. Wang, P. Wang and L. Liu, 2014. Detecting cross site scripting vulnerabilities introduced by HTML5. Proceedings of the 11th International Joint Conference on Computer Science and Software Engineering (JCSSE), May 14-16, 2014, IEEE, Beijing, China, ISBN:978-1-4799-5822-1, pp: 319-323.

Duchene, F., R. Groz, S. Rawat and J.L. Richier, 2012. XSS vulnerability detection using model inference assisted evolutionary fuzzing. Proceedings of the 2012 IEEE 5th International Conference on Software Testing, Verification and Validation (ICST’12), April 17-21, 2012, IEEE, Montreal, Canada, ISBN:978-1-4577-1906-6, pp: 815-817.

Fogie, S., J. Grossman, R. Hansen, A. Rager and P.D. Petkov, 2007. XSS Attacks: Cross Site Scripting Exploits and Defense. Syngress, Boston, Massachusetts, ISBN-13: 978-1-59749-154-9, Pages: 464.

Gundy, M.V. and H. Chen, 2012. Noncespaces: Using randomization to defeat cross-site scripting attacks. Comput. Secur., 31: 612-628.

Huyam, A.A. and E. El-Qawasmeh, 2012. Discovering security vulnerabilities and leaks in ASP.NET websites. Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec’12), June 26-28, 2012, IEEE, Kuala Lumpur, Malaysia, ISBN:978-1-4673-1425-1, pp: 329-333.

Hydara, I., A.B.M. Sultan, H. Zulzalil and N. Admodisastro, 2014. An approach for cross-site scripting detection and removal based on genetic algorithms. Proceedings of the 9th International Conference on Software Engineering Advances ICSEA, October 12-16, 2014, IARIA, Nice, France, ISBN:978-1-61208-367-4, pp: 227-232.

Hydara, I., A.B.M. Sultan, H. Zulzalil and N. Admodisastro, 2015. Current state of research on cross-site scripting (XSS)-A systematic literature review. Inform. Software Technol., 58: 170-186.

Hydara, I., A.B.M. Sultan, H. Zulzalil and N. Admodisastro, 2015. Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines. Indian J. Sci. Technol., 8: 1-5.

Javed, A. and J. Schwenk, 2013. Towards elimination of cross-site scripting on mobile versions of web applications. Proceedings of the 14th International Workshop on Information Security Applications (WISA’13), August 19-21, 2013, Springer, Jeju Island, Korea, ISBN:978-3-319-05148-2, pp: 103-123.

Mutchler, P., A. Doupe, J. Mitchell, C. Kruegel and G. Vigna, 2015. A Large-scale study of mobile web app security. Proceedings of the 2015 International Workshop on Mobile Security Technologies (MoST’15), May 21, 2015, Fairmont San Jose, San Jose, California, USA., pp: 1-11.

Scholte, T., W. Robertson, D. Balzarotti and E. Kirda, 2012. Preventing input validation vulnerabilities in web applications through automated type analysis. Proceedings of the 2012 IEEE 36th Annual International Conference on Computer Software and Applications, July 16-20, 2012, IEEE, Izmir, Turkey, ISBN:978-1-4673-1990-4, pp: 233-243.

Shah, S., 2012. HTML5 top 10 threats-stealth attacks and silent exploits. BlackHat, Las Vegas, Nevada, USA. https://media.blackhat.com/bh-us-12/Briefings/Shah/BH_US_12_Shah_Silent_Exploits_WP.pdf

Shar, L.K. and H.B.K. Tan, 2012. Automated removal of cross site scripting vulnerabilities in web applications. Inform. Software Technol., 54: 467-478.

Sharma, P., R. Johari and S.S. Sarma, 2012. Integrated approach to prevent SQL injection attack and reflected cross site scripting attack. Intl. J. Syst. Assur. Eng. Manage., 3: 343-351.

Sun, Y. and D. He, 2012. Model checking for the defense against cross-site scripting attacks. Proceedings of the 2012 International Conference on Computer Science and Service System (CSSS’12), August 11-13, 2012, IEEE, Nanjing, China, ISBN:978-1-4673-0721-5, pp: 2161-2164.

Vonnegut, S., 2015. XSS: The definitive guide to cross-site scripting prevention. Checkmarx, Nuremberg, Germany. https://www.checkmarx.com/2015/04/14/xss-the-definitive-guide-to-cross-site-scripting-prevention/
