Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application
- Authors
- Abu Talib, Nurul Atiqah; Doh, Kyung-Goo
- Issue Date
- Oct-2021
- Publisher
- 한국인터넷정보학회
- Keywords
- Cross-site scripting; filters; open-source; web application; security; assessment
- Citation
- KSII Transactions on Internet and Information Systems, v.15, no.10, pp.3750 - 3770
- Indexed
- SCIE
SCOPUS
KCI
- Journal Title
- KSII Transactions on Internet and Information Systems
- Volume
- 15
- Number
- 10
- Start Page
- 3750
- End Page
- 3770
- URI
- https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/108186
- DOI
- 10.3837/tiis.2021.10.015
- ISSN
- 1976-7277
- Abstract
- This study investigates open-source dynamic XSS filters used as security devices in web applications to account for the effectiveness of filters in protecting against XSS attacks. The experiment involves twelve representative filters, which are examined individually by placing them into the final output function of a custom-built single-input-form web application. To assess the effectiveness of the filters in their tasks of sanitizing XSS payloads and in preserving benign payloads, a black-box testing method is applied using an automated XSS testing framework. The result in working with malicious and benign payloads shows an important trade-off in the filters' tasks. Because the filters that only check for dangerous or safe elements, they seem to neglect to validate their values. As some safe values are mistreated as dangerous elements, their benign payload function is lost in the way. For the filters to be more effective, it is suggested that they should be able to validate the respective values of malicious and benign payloads; thus, minimizing the trade-off. This particular assessment of XSS filters provides important insight regarding the filters that can be used to mitigate threats, including the possible configurations to improve them in handling both malicious and benign payloads.
- Files in This Item
-
Go to Link
- Appears in
Collections - COLLEGE OF COMPUTING > SCHOOL OF COMPUTER SCIENCE > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.