Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Abu Talib, Nurul Atiqah | - |
dc.contributor.author | Doh, Kyung-Goo | - |
dc.date.accessioned | 2022-07-18T01:31:45Z | - |
dc.date.available | 2022-07-18T01:31:45Z | - |
dc.date.created | 2021-12-06 | - |
dc.date.issued | 2021-10 | - |
dc.identifier.issn | 1976-7277 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/108186 | - |
dc.description.abstract | This study investigates open-source dynamic XSS filters used as security devices in web applications, in order to determine how effective the filters are in protecting against XSS attacks. The experiment involves twelve representative filters, each examined individually by placing it into the final output function of a custom-built single-input-form web application. To assess how effectively the filters sanitize XSS payloads while preserving benign payloads, a black-box testing method is applied using an automated XSS testing framework. The results on malicious and benign payloads reveal an important trade-off between the two tasks. Filters that only check for dangerous or safe elements neglect to validate the values of those elements; because some safe values are treated as dangerous, the function of the benign payload is lost along the way. For the filters to be more effective, it is suggested that they should validate the respective values of malicious and benign payloads, thus minimizing the trade-off. This assessment of XSS filters provides important insight into the filters that can be used to mitigate threats, including possible configurations that improve their handling of both malicious and benign payloads. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | Korean Society for Internet Information (KSII) | - |
dc.title | Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Doh, Kyung-Goo | - |
dc.identifier.doi | 10.3837/tiis.2021.10.015 | - |
dc.identifier.scopusid | 2-s2.0-85118991489 | - |
dc.identifier.wosid | 000714446400015 | - |
dc.identifier.bibliographicCitation | KSII Transactions on Internet and Information Systems, v.15, no.10, pp.3750 - 3770 | - |
dc.relation.isPartOf | KSII Transactions on Internet and Information Systems | - |
dc.citation.title | KSII Transactions on Internet and Information Systems | - |
dc.citation.volume | 15 | - |
dc.citation.number | 10 | - |
dc.citation.startPage | 3750 | - |
dc.citation.endPage | 3770 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.description.journalRegisteredClass | kci | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | Cross-site scripting | - |
dc.subject.keywordAuthor | filters | - |
dc.subject.keywordAuthor | open-source | - |
dc.subject.keywordAuthor | web application | - |
dc.subject.keywordAuthor | security | - |
dc.subject.keywordAuthor | assessment | - |
dc.identifier.url | http://itiis.org/digital-library/25023 | - |
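The assessment method the abstract describes (drop a filter into the output stage of a single-input application, feed it malicious and benign payloads, and score both sanitization and preservation) is illustrated below in an added JavaScript example. This is not the paper's testing framework and none of the three toy filters is one of the twelve it evaluated; the tag allowlist, the attribute policies, the payload corpus and the `looksExecutable` oracle are all constructed here to show the trade-off the abstract reports: a name-based filter must either trust URL attributes (and miss `javascript:` payloads) or strip them by name (and break benign links), whereas a filter that validates the attribute value keeps both scores high.

```javascript
// Added example (not the paper's framework or any of the filters it assessed):
// a miniature black-box harness that drops a filter into the "output stage",
// feeds it constructed malicious and benign payloads, and scores both tasks.

// Hypothetical tag allowlist shared by all three toy filters.
const ALLOWED_TAGS = new Set(['a', 'b', 'i', 'p', 'br', 'img']);

// Toy tokenizer: a real filter should use an HTML parser, not regular expressions.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function fromCodePointSafe(cp) {
  return Number.isInteger(cp) && cp >= 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
}

// Decode numeric character references, drop control characters and whitespace
// (browsers ignore them inside a scheme), then accept only relative URLs or
// http/https/mailto schemes.
function safeUrl(value) {
  const decoded = value
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCodePointSafe(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCodePointSafe(parseInt(d, 10)));
  const normalized = decoded.replace(/[\x00-\x20]/g, '').toLowerCase();
  const scheme = normalized.match(/^([a-z][a-z0-9+.-]*):/);
  if (!scheme) return true; // no scheme: relative URL
  return ['http', 'https', 'mailto'].includes(scheme[1]);
}

// Build a filter from an attribute policy: policy(name, value) -> 'keep' | 'drop'.
function makeFilter(policy) {
  return (html) =>
    html.replace(TAG_RE, (_whole, slash, rawName, rawAttrs) => {
      const name = rawName.toLowerCase();
      if (!ALLOWED_TAGS.has(name)) return ''; // unknown element: removed entirely
      if (slash) return `</${name}>`;
      const kept = [];
      for (const m of rawAttrs.matchAll(ATTR_RE)) {
        const attr = m[1].toLowerCase();
        const value = m[2] ?? m[3] ?? m[4] ?? '';
        if (policy(attr, value) === 'keep') {
          kept.push(`${attr}="${value.replace(/"/g, '&quot;')}"`);
        }
      }
      return `<${name}${kept.length ? ' ' + kept.join(' ') : ''}>`;
    });
}

// Name-based checks only; URL attributes are trusted as-is.
const elementOnlyPermissive = makeFilter((attr) => (attr.startsWith('on') ? 'drop' : 'keep'));

// Name-based checks only; URL attributes are treated as dangerous by name.
const elementOnlyStrict = makeFilter((attr) =>
  attr.startsWith('on') || attr === 'href' || attr === 'src' ? 'drop' : 'keep');

// Validates the value of each URL attribute instead of judging it by name.
const valueAware = makeFilter((attr, value) => {
  if (attr.startsWith('on')) return 'drop';
  if (attr === 'href' || attr === 'src') return safeUrl(value) ? 'keep' : 'drop';
  return 'keep';
});

// Constructed payload corpus (not the paper's). "mustKeep" is the fragment of a
// benign payload whose loss means the filter destroyed the payload's function.
const MALICIOUS = [
  '<script>alert(1)</script>',
  '<img src=x onerror=alert(1)>',
  '<svg onload=alert(1)>',
  '<a href="javascript:alert(1)">x</a>',
  '<a href="JaVaScRiPt:alert(1)">x</a>',
  '<a href="java&#x09;script:alert(1)">x</a>',
];
const BENIGN = [
  { input: '<a href="https://example.com/docs">docs</a>', mustKeep: 'href="https://example.com/docs"' },
  { input: '<a href="mailto:team@example.com">mail</a>', mustKeep: 'href="mailto:team@example.com"' },
  { input: '<img src="/static/logo.png" alt="logo">', mustKeep: 'src="/static/logo.png"' },
  { input: '<p>Hello <b>world</b></p>', mustKeep: '<b>world</b>' },
];

// Simplified stand-in for the browser oracle an automated XSS framework drives:
// does surviving markup still carry a script element, an event handler or an
// unsafe URL attribute?
function looksExecutable(html) {
  for (const tag of html.matchAll(TAG_RE)) {
    if (tag[2].toLowerCase() === 'script') return true;
    for (const a of tag[3].matchAll(ATTR_RE)) {
      const attr = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (attr.startsWith('on')) return true;
      if ((attr === 'href' || attr === 'src') && !safeUrl(value)) return true;
    }
  }
  return false;
}

// Score one filter on both tasks: malicious payloads neutralized, benign payloads kept intact.
function evaluate(filter) {
  const blocked = MALICIOUS.filter((p) => !looksExecutable(filter(p))).length;
  const preserved = BENIGN.filter((c) => filter(c.input).includes(c.mustKeep)).length;
  return { blocked, malicious: MALICIOUS.length, preserved, benign: BENIGN.length };
}

for (const [label, filter] of Object.entries({ elementOnlyPermissive, elementOnlyStrict, valueAware })) {
  const r = evaluate(filter);
  console.log(`${label}: blocked ${r.blocked}/${r.malicious}, preserved ${r.preserved}/${r.benign}`);
}
```

On this corpus the permissive name-based filter preserves every benign payload but lets all three `javascript:` variants through, the strict one blocks everything but strips the `href` and `src` of the benign link, mail link and image, and only the value-validating filter scores fully on both tasks. The regex tokenizer is deliberately minimal; a production filter should be built on a real HTML parser, and the oracle here is a heuristic, not a browser.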