Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines
Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficu...
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
Science and Knowledge Research Society
2015
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/67003/ http://psasir.upm.edu.my/id/eprint/67003/1/ICCSCM-5.pdf |
| _version_ | 1848855728964501504 |
|---|---|
| author | Hydara, Isatou Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Indriaty |
| author_facet | Hydara, Isatou Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Indriaty |
| author_sort | Hydara, Isatou |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to eliminate. Most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications source codes. In this paper, we propose an approach to remove cross-site scripting vulnerabilities from the source code before an application is deployed. We make use of the OWASP cross-site scripting prevention rules as guideline in our approach. The proposed approach is, so far, only implemented and validated on Java-based Web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluation results have indicated promising results. |
| first_indexed | 2025-11-15T11:30:23Z |
| format | Conference or Workshop Item |
| id | upm-67003 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T11:30:23Z |
| publishDate | 2015 |
| publisher | Science and Knowledge Research Society |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-670032019-03-06T05:35:14Z http://psasir.upm.edu.my/id/eprint/67003/ Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines Hydara, Isatou Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Indriaty Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to eliminate. Most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications source codes. In this paper, we propose an approach to remove cross-site scripting vulnerabilities from the source code before an application is deployed. We make use of the OWASP cross-site scripting prevention rules as guideline in our approach. The proposed approach is, so far, only implemented and validated on Java-based Web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluation results have indicated promising results. Science and Knowledge Research Society 2015 Conference or Workshop Item PeerReviewed text en http://psasir.upm.edu.my/id/eprint/67003/1/ICCSCM-5.pdf Hydara, Isatou and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia Indriaty (2015) Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines. In: 4th International Conference on Computer Science and Computational Mathematics (ICCSCM 2015), 7-8 May 2015, Langkawi, Malaysia. (pp. 649-653). |
| spellingShingle | Hydara, Isatou Md Sultan, Abu Bakar Zulzalil, Hazura Admodisastro, Novia Indriaty Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title | Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title_full | Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title_fullStr | Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title_full_unstemmed | Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title_short | Removing cross-site scripting vulnerabilities from web applications using the OWASP ESAPI security guidelines |
| title_sort | removing cross-site scripting vulnerabilities from web applications using the owasp esapi security guidelines |
| url | http://psasir.upm.edu.my/id/eprint/67003/ http://psasir.upm.edu.my/id/eprint/67003/1/ICCSCM-5.pdf |