CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Client-side Automated Sanitizer for Cross-Site Scripting Vulnerabilities

by D. K. Patil, K. R. Patil
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 121 - Number 20
Year of Publication: 2015
Authors: D. K. Patil, K. R. Patil
10.5120/21653-5063

D. K. Patil, K. R. Patil . Client-side Automated Sanitizer for Cross-Site Scripting Vulnerabilities. International Journal of Computer Applications. 121, 20 ( July 2015), 1-8. DOI=10.5120/21653-5063

@article{ 10.5120/21653-5063,
author = { D. K. Patil, K. R. Patil },
title = { Client-side Automated Sanitizer for Cross-Site Scripting Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { July 2015 },
volume = { 121 },
number = { 20 },
month = { July },
year = { 2015 },
issn = { 0975-8887 },
pages = { 1-8 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume121/number20/21653-5063/ },
doi = { 10.5120/21653-5063 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:08:54.065781+05:30
%A D. K. Patil
%A K. R. Patil
%T Client-side Automated Sanitizer for Cross-Site Scripting Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 121
%N 20
%P 1-8
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web applications are useful for various online services. These web applications are becoming ubiquitous in our daily lives. They are used for multiple purposes such as e-commerce, financial services, emails, healthcare services and many other captious services. But the presence of vulnerabilities in the web application may become a serious cause for the security of the web application. A web application may contain different types of vulnerabilities. According to OWASP TOP 10 vulnerability report, Cross-site Scripting (XSS) is among top 5 vulnerabilities. So this research work aims to implement effective solution for the prevention of cross-site scripting vulnerabilities. In this paper, we implemented a novel client-side XSS sanitizer that prevents web applications from XSS attacks. Our sanitizer is able to detect cross-site scripting vulnerabilities at the client-side. It strengthens web browser, because modern web browser do not provide any specific notification, alert or indication of security holes or vulnerabilities and their presence in the web application.

References
  1. Dromaeo javascript performance testing. Available at http: //dromaeo. com/, JavaScript Performance Testing.
  2. Mozilla developer network. Available at https: //developer. mozilla. org/en-US/Add-ons, Mozilla.
  3. Mozilla firefox extensions. Available at https: //addons. mozilla. org/en-US/firefox/extensions/, Mozilla Firefox.
  4. New international project on web vulnerabilities. Available at https://www. owasp. org/index. php, OWASP.
  5. Prevent xss with jsoup jsoup sanitizer. Available at http://jsoup. org/cookbook/cleaning-html/ whitelist-sanitizer, JSOUP.
  6. Survey by cenzic inc. application vulnerability report. Available at https://www. info-point-security. com/sites/default/files/ cenzic-vulnerability-report-2014. pdf, Vulnerability Report 2014.
  7. The xss sanitize package. Available at https://hackage. haskell. org/package/xss-sanitize, The XSS Sanitizer.
  8. Xss sanitizer plugin. Available at https://grails. org/ plugin/xss-sanitizer,XSS Sanitizer Plugin.
  9. Davide Canali, Marco Cova, Giovanni Vigna, and Christopher Kruegel. Prophiler: A fast filter for the large-scale detection of malicious web pages. In Proceedings of the 20th International Conference on World Wide Web, WWW '11, pages 197–206, New York, NY, USA, 2011. ACM.
  10. Vivek Chandra and Nidhi Saxena. Article: An improved technique for web page classification in respect of domain specific search. International Journal of Computer Applications, 102(4):7–10, September 2014. Full text available.
  11. Shuo Chen, Jose Meseguer, Ralf Sasse, Helen Wang, Yi min Wang, Shuo Chen, Jos Meseguer, Ralf Sasse, Helen J. Wang, and Yi minWang. A systematic approach to uncover gui logic flaws for web security, 2006.
  12. Marco Cova, Christopher Kruegel, and Giovanni Vigna. Detection and analysis of drive-by-download attacks and malicious javascript code. In Proceedings of the 19th International Conference on World Wide Web, WWW '10, pages 281–290, New York, NY, USA, 2010. ACM.
  13. Laura Falk, Atul Prakash, and Kevin Borders. Analyzing websites for user-visible security design flaws. In Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS '08, pages 117–126, New York, NY, USA, 2008. ACM.
  14. Matthew Finifter, JoelWeinberger, and Adam Barth. Preventing capability leaks in secure javascript subsets. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2010, San Diego, California, USA, 28th February - 3rd March 2010, 2010.
  15. Dinei Florencio and Cormac Herley. A large-scale study of web password habits. In Proceedings of the 16th International Conference on World Wide Web, WWW '07, pages 657–666, New York, NY, USA, 2007. ACM.
  16. Mohamed Ghazouani, Sophia Faris, Hicham Medromi, and Adil Sayouti. Article: Information security risk assessment a practical approach with a mathematical formulation of risk. International Journal of Computer Applications, 103(8):36– 42, October 2014. Full text available.
  17. Stefan Kals, Engin Kirda, Christopher Kruegel, and Nenad Jovanovic. Secubat: A web vulnerability scanner. In Proceedings of the 15th International Conference on World Wide Web,WWW'06, pages 247–256, New York, NY, USA, 2006. ACM.
  18. Navjot Kaur and Himanshu Aggarwal. Article: Web log analysis for identifying the number of visitors and their behavior to enhance the accessibility and usability of website. International Journal of Computer Applications, 110(4):25–30, January 2015. Full text available.
  19. M. V. Kishore, G. Pandit Samuel, N. Aditya Sundar, M. Enayath Ali, and Y. Lalitha Varma. Article: A novel methodology for secure communications and prevention of forgery attacks. International Journal of Computer Applications, 96(22):5– 12, June 2014. Full text available.
  20. Anuradha K. Kudlikar and Meghana B. Nagori. Article: Refinement in personalize web search system with privacy protection. International Journal of Computer Applications, 117(6):1–6, May 2015. Full text available.
  21. Zeynab Liraki, Ali Harounabadi, and Javad Mirabedini. Article: Predicting the users' navigation patterns in web, using weighted association rules and users' navigation information. International Journal of Computer Applications, 110(12):16– 21, January 2015. Full text available.
  22. Laxmi Shanker Maurya and Anil Kumar Malviya. Article: Web application reliability assessment using error and workload data obtained from server error and access logs. International Journal of Computer Applications, 97(15):6–9, July 2014. Full text available.
  23. D. K. Patil and Dr. K. R. Patil. A survey on web application vulnerabilities. IJRAET, 3:20–26, 2015.
  24. Smita Ranveer and Swapnaja Hiray. Article: Comparative analysis of feature extraction methods of malware detection. International Journal of Computer Applications, 120(5):1–7, June 2015. Full text available.
  25. Minh-Thai Trinh, Duc-Hiep Chu, and Joxan Jaffar. S3: A symbolic string solver for vulnerability detection in web applications. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 1232–1243, New York, NY, USA, 2014. ACM.
  26. Sonali Utsai and Ram B. Joshi. Article: Dos attack reduction by using web service filter. International Journal of Computer Applications, 105(14):4–9, November 2014. Full text available.
  27. Chuan Yue and Haining Wang. A measurement study of insecure javascript practices on the web. ACM Trans. Web, 7(2):7:1–7:39, May 2013.
  28. Rui Zhao and Chuan Yue. All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design. In Elisa Bertino, Ravi S. Sandhu, Lujo Bauer, and Jaehong Park, editors, CODASPY, pages 333–340. ACM, 2013.
  29. Yunhui Zheng, Xiangyu Zhang, and Vijay Ganesh. Z3-str: A z3-based string solver for web application analysis. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2013, pages 114–124, New York, NY, USA, 2013. ACM.
Index Terms

Computer Science
Information Sciences

Keywords

Web application Cross-site scripting Vulnerability Sanitizer

Powered by PhDFocusTM