2019
DOI: 10.24251/hicss.2019.877

Fighting Against XSS Attacks. A Usability Evaluation of OWASP ESAPI Output Encoding

Abstract: Cross Site Scripting (XSS) is one of the most critical vulnerabilities that exist in web applications. XSS can be prevented by encoding untrusted data before it is loaded into the browser content of a web application. Security Application Programming Interfaces (APIs) such as OWASP ESAPI provide output encoding functionality that programmers can use to protect their applications from XSS attacks. However, the fact that XSS is still ranked as one of the most critical vulnerabilities in web applications suggests that programmers are not…

Cited by 6 publications (4 citation statements)
References 21 publications
“…• 4 distinct scenarios are identified showing how client-side storage is used in an insecure manner. Wijayarathna and Arachchilage [122] check the usability of OWASP ESAPI sanitizers to prevent XSS attacks from developers' perspectives.…”
Section: Results of the Search and Selection Processes (citation type: mentioning; confidence: 99%)
“…They should use the API for a while, so evaluators can evaluate the experience of the participant programmers. As potential users of a security API would be software developers/programmers, this can be somewhat costly [6], [7], [30].…”
Section: Limitations of the Proposed Methodology (citation type: mentioning; confidence: 99%)
“…These APIs that provide security related functionalities are known as security APIs [3], [4]. When security APIs that programmers use are not usable, it is difficult for programmers to learn and use APIs and hence, leads them to make mistakes that would result in introducing security vulnerabilities to applications they develop [4], [7], [30].…”
Section: Introduction (citation type: mentioning; confidence: 99%)
“…Previous work employs surveys, design studies, and programming tasks to evaluate, e.g., the impact of developers' information sources on code security [11], the usability of security-related information in API documentations [22], [56], and the impact of console warnings on the use of security-related APIs [19], [20]. Our work uses similar methods, but instead focuses on understanding developers' overall awareness of the web security controls.…”
Section: Related Work (citation type: mentioning; confidence: 99%)