A Systematic Analysis of XSS Sanitization in Web Application Frameworks

Weinberger, Joel; Saxena, Prateek; Akhawe, Devdatta; Finifter, Matthew; Shin, Richard; Song, Dawn

doi:10.1007/978-3-642-23822-2_9

Cited by 88 publications

(92 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Thus, the XSS flaw is as a result of not validated or sanitized input parameters. There are three types of XSS: Non-Persistent, called Reflected XSS; Persistent or Stored XSS; and Document Object Model (DOM)-based [16].…”

Section: Cross Site Scripting Vulnerabilitymentioning

confidence: 99%

See 1 more Smart Citation

Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape

Joshi¹,

Singh²

2016

IJCA

View full text Add to dashboard Cite

This paper describes a web application intended to be used to evaluate the efficiency of Netsparker, Acunetix and Burp Suite web application vulnerability scanners. This paper also explains the defense measures to secure the application significantly. The results of web application evaluation identify the most challenging vulnerabilities for scanner to detect, and compare the effectiveness of scanners. The assessment results suggest the areas that require further research to improve scanner"s detection rate.

show abstract

Section: Cross Site Scripting Vulnerabilitymentioning

confidence: 99%

“…XSS attacks are usually divided into three categories: NonPersistent or Reflected XSS Attack; Persistent or Stored XSS Attack; and DOM-Based XSS Attack [16].…”

Section: Exploiting Xss Vulnerabilitymentioning

confidence: 99%

Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape

Joshi¹,

Singh²

2016

IJCA

View full text Add to dashboard Cite

show abstract

“…In [22] author proposed the initial explanation of command injection attacks in the perception of web applications, and dispenses absolute algorithm for preventing them founded on context-free grammars and compiler parsing techniques. Author"s assessment is that, for an attack to be successful, the input that gets circulated into the database query or the output document must modify the intended syntactic organization of the query or document.…”

Section: International Journal Of Computer Applications (0975 -8887) mentioning

confidence: 99%

“…Web application development usually give auto sanitization options a recent study [22] shows, they still cannot meet the entire necessities exhibit by trendy internet applications. Designing and reasoning context-sensitive sanitization routines still need substantial work.…”

Section: Research Scopementioning

confidence: 99%

Web Application Vulnerabilities: A Survey

Dwivedi¹,

Yadav²,

Jain³

2014

IJCA

View full text Add to dashboard Cite

In the last few years, the discovery of World Wide Web (WWW) has grown very much. Today, WWW applications are routinely utilized in security critical environments, like ecommerce, medical, financial, and military systems etc. WWW systems are an organization of infrastructure elements, like web databases and servers, and application-specific code, such as HTML scripts and CGI programs etc. While the core elements are usually developed by knowledgeable programmers with valid security skills this ensuing vulnerable web-based applications and accessible to the complete web, creating easilyabusing access points for the conciliation of entire networks. During this paper, we survey the current approaches to internet vulnerability analysis and that we propose a classification along two characterizing: detection and prevention model and study these methods. Furthermore we describe the foremost regular attacks in contrast to web-based applications and explore the effectiveness of sure analysis techniques in characteristic specific categories of flaws.

show abstract

“…Due to the great destructiveness of XSS, many security researchers began to study various prevention methods [9][10][11]. As in 2010, Bateset al proposed a new filtering technology.…”

Section: Introductionmentioning

confidence: 99%

Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems

Zhang¹,

Chai²

2017

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

View full text Add to dashboard Cite

Abstract. Cross-site scripting attacks has always been one of the most common attacks to the front-end network applications. With the popularity of HTML5, the security of Email systems is facing new challenges. In this paper, we propose a new approach which utilizes HTML5 new tags and new attributes to construct storage-type XSS attack vectors. Based on this method, we have tested several domestic and foreign common mailbox and detected six HTML5-based XSS vulnerabilities. The final evaluation results show that our method can detect storage-type XSS vulnerabilities based on HTML5 effectively.

show abstract

A Systematic Analysis of XSS Sanitization in Web Application Frameworks

Cited by 88 publications

References 19 publications

Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape

Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape

Web Application Vulnerabilities: A Survey

Mining Cross Site Scripting Vulnerabilities Based on HTML5 in Email Systems

Contact Info

Product

Resources

About