Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey

Gupta, Mukesh Kumar; Govil, Mahesh Chandra; Singh, Girdhari

doi:10.1109/icraie.2014.6909173

Cited by 36 publications

(24 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This input can be fashioned to alter the contents of the web page that the victim can see, thus vesting the control with the attacker. The most standard approaches to spot vulnerabilities are categorised into dynamic analysis, static analysis, and hybrid analysis [15]. www.ijacsa.thesai.org…”

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

Cross Site Scripting: Detection Approaches in Web Application

Wasef¹,

Fitri²

2016

ijacsa

View full text Add to dashboard Cite

Abstract-Web applications have become one of the standard platforms for service releases and representing information and data over the World Wide Web. Thus, security vulnerabilities headed to various type of attacks in web applications. Amongst those is Cross Site Scripting also known as XSS. XSS can be considered as one of the most popular type of threat in web security application. XSS occurs by injecting the malicious scripts into web application, and it can lead to significant violations at the site or for the user. This paper highlights the issues (i.e. security and vulnerability) in web application specifically in regards to XSS. In addition, the future direction of research within this domain is highlighted.

show abstract

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

Cross Site Scripting: Detection Approaches in Web Application

Wasef¹,

Fitri²

2016

ijacsa

View full text Add to dashboard Cite

show abstract

“…Grupta et al [23] proposes a classification of the defense techniques of the static analysis based approaches. This survey paper explores eleven techniques from 2005 through 2012.…”

Section: Related Workmentioning

confidence: 99%

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Steiner

Leon

Alves-Foss

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Abstract-SQL injection attacks (SQLIA) still remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted with the primary resulting solution requiring developers to code defensively. Although, defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.

show abstract

“…A web application is a program that executes tasks over a network connection on a web server [18]. Such an application has to be accessed by means of an Internet browser.…”

Section: Web Applicationmentioning

confidence: 99%

“…The most popular approach to detect vulnerability can be classified into static, dynamic, and hybrid analyses [18]. Static analysis is a method that finds errors in early development that is before the program is initiated [16].…”

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Marashdih¹,

Zaaba²,

Omer³

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Cross site scripting (XSS) is one of the major threats to the web application security, where the research is still underway for an effective and useful way to analyse the source code of web application and removes this threat. XSS occurs by injecting the malicious scripts into web application and it can lead to significant violations at the site or for the user. Several solutions have been recommended for their detection. However, their results do not appear to be effective enough to resolve the issue. This paper recommended a methodology for the detection of XSS from the PHP web application using genetic algorithm (GA) and static analysis. The methodology enhances the earlier approaches of determining XSS vulnerability in the web application by eliminating the infeasible paths from the control flow graph (CFG). This aids in reducing the false positive rate in the outcomes. The results of the experiments indicated that our methodology is more effectual in detecting XSS vulnerability from the PHP web application compared to the earlier studies, in terms of the false positive rates and the concrete susceptible paths determined by GA Generator.

show abstract

Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey

Cited by 36 publications

References 19 publications

Cross Site Scripting: Detection Approaches in Web Application

Cross Site Scripting: Detection Approaches in Web Application

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Contact Info

Product

Resources

About