Enhancing XSS vulnerability detection and removal in web applications using genetic algorithms

Full description

Cross-site scripting (XSS) vulnerabilities are a major security threat for both desktop and mobile web applications. They occur due to a lack of proper verification of user inputs, which enables hackers to inject and execute malicious scripts in the web pages of an application. Successful XSS attacks can lead to serious security violations such as account hijacking, denial of service, cookie theft, and web content manipulation. Current approaches to addressing this problem are limited by the large number of false positives in their analysis results, non-inclusion of all types of XSS, lack of focus on removing XSS vulnerabilities, and non-inclusion of mobile web applications. Static analysis techniques are good at detecting XSS vulnerabilities in the source code of web applications, especially when combined with other techniques. However, they tend to generate many false positives because they are conservative techniques. Another limitation is the limited or absent focus on the removal of XSS vulnerabilities after their detection in the source code. Consequently, an approach called XSS-DETREM has been proposed with the objectives of combining genetic algorithms with static analysis to detect XSS vulnerabilities, and a code replacement technique to remove them, addressing the problem of XSS at the source code level. The research used a quantitative research methodology and a randomised complete block design in the experimentation design, whereby new improvements were implemented in a software tool. XSS-DETREM has been evaluated empirically using a data set of JSP and Android web applications that have been used in previous studies. Comparisons of the evaluation results have shown improvements in the detection and removal of XSS vulnerabilities in desktop and mobile web applications. These improvements focused on reducing the rate of false positives generated by static analysis and increasing the vulnerability coverage for all types of XSS on both the server side and the client side. Consequently, the objectives of the research have been met and the expected results were achieved. This new improved approach is significant in helping web application developers to test their applications for all types of XSS and remove any detected vulnerabilities before releasing them to the public. Also, as more users browse the Internet through their mobile applications, this approach will help protect their private data and make browsing safer for them with both desktop and mobile web applications.

Bibliographic Details
Main Author: Hydara, Isatou
Format: Thesis (Doctoral thesis, non-peer-reviewed)
Language: English
Published: 2024 (record date 2024-02)
Institution: Universiti Putra Malaysia
Repository: UPM Institutional Repository
Subjects: Computer security; Web applications - Security measures; Software - Testing
Citation: Hydara, Isatou (2024) Enhancing XSS vulnerability detection and removal in web applications using genetic algorithms. Doctoral thesis, Universiti Putra Malaysia. http://ethesis.upm.edu.my/id/eprint/18493
Online Access: http://psasir.upm.edu.my/id/eprint/119949/
Full text (PDF): http://psasir.upm.edu.my/id/eprint/119949/1/119949.pdf