Impact of secure programming on web application vulnerabilities

Rexha, Blerim; Halili, Arbnor; Rrmoku, Korab; Imeraj, Dren

doi:10.1109/cgvis.2015.7449894

Cited by 11 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Если, например, пользователь введёт <script>...</script>, то результирующий HTML станет выглядеть следующим образом: <script>...</script> [22]. Таким образом, если все управляющие символы будут замаскированы, то браузер не воспримет введённые данные как зловредный код, а выдаст их обезвреженными как обычный текст.…”

Section: способы защиты от Xss-атакunclassified

Models and scenarios of implementation of threats for internet resources

Lesko

2020

Rossijskij tehnologičeskij žurnal

View full text Add to dashboard Cite

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.

show abstract

Section: способы защиты от Xss-атакunclassified

Models and scenarios of implementation of threats for internet resources

Lesko

2020

Rossijskij tehnologičeskij žurnal

View full text Add to dashboard Cite

show abstract

“…System security must be part of system architecture from the beginning. Based on the research for web application vulnerabilities (Rexha at al., 2015), conclude that security programming implementation should be raised to the highest level, maybe equal with the role of overall web application functionality. Regardless of the technology that we use to build classified information systems, web-based or windows-based applications, same security policies about data confidentiality should be implemented.…”

Section: System Architecturementioning

confidence: 99%

Using Record Level Encryption for Securing Information in Classified Information Systems

Rexha¹,

Sadiku²,

Krasniqi³

2018

Natural and Engineering Sciences

Self Cite

View full text Add to dashboard Cite

Information technology (IT) systems have great potential to improve the efficiency and methods of operation in each government organization, providing added convenience and flexibility. Currently, most of government law enforcement agencies have digitized their methods of work by advancing their user services. With this new approach, have come new threats, therefore, it is necessary to develop and implement standard policies to enhance information security and privacy on all classified information systems. In this paper a novel solution is presented for protection of information up to the record level encryption by applying the Advanced Encryption Standard (AES) algorithm using derived symmetric master key. The master key is unique per each record and is calculated in the client application. The uniqueness of the derived master key is assured by applying the exclusive or operation of the key of each record and the unique key of the client. Furthermore, this paper includes a critical approach on existing cryptographic methods and proposes additional methods to protect information, such us authentication, access control, and audit.

show abstract

“…Attackers inject malicious JavaScript into vulnerable web applications. When a user opens that infected web application in their browser, malicious JavaScript will be executed and steals cookies and other sensitive information from the user [2].…”

Section: Introductionmentioning

confidence: 99%

ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting attacks

Nagarjun¹,

Ahamad²

2019

IJECE

View full text Add to dashboard Cite

<span lang="EN-US">Cross-Site Scripting (XSS) is one of serious web application attack. Web applications are involved in every activity of human life. JavaScript plays a major role in these web applications. In XSS attacks hacker inject malicious JavaScript into a trusted web application, execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications, some solutions works at client-side and some solutions works based on filter list which needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks which works at the server-side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications and the proposed solution is able to prevent XSS attacks effectively.</span>

show abstract

Impact of secure programming on web application vulnerabilities

Cited by 11 publications

References 5 publications

Models and scenarios of implementation of threats for internet resources

Models and scenarios of implementation of threats for internet resources

Using Record Level Encryption for Securing Information in Classified Information Systems

ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting attacks

Contact Info

Product

Resources

About