Abstract
With improvement in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious codes into web applications from untrusted sources. Interestingly, recent research studies on the web application security centre focus on attack prevention and mechanisms for secure coding; recent methods for those attacks do not only generate high false positives but also have little considerations for the users who oftentimes are the victims of malicious attacks. Motivated by this problem, this paper describes an “intelligent” tool for detecting cross-site scripting flaws in web applications. This paper describes the method implemented based on fuzzy logic to detect classic XSS weaknesses and to provide some results on experimentations. Our detection framework recorded 15% improvement in accuracy and 0.01% reduction in the false-positive rate which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.
Highlights
Over the past decade, the Internet has witnessed tremendous growth in the volume, nature, and channel of information exchange across several media irrespective of distance or location
We propose a fuzzy-based approach for the detection of DOM-based XSS vulnerabilities in web applications. e contributions of this work are as follows: (i) Selection and implementation of DOM-based features for XSS detection using the Open Web Application Security Project (OWASP) web application security guideline (ii) Application of the fuzzy logic inference system to web application vulnerability detection (iii) Implementation of the user interface for users to have a verdict on their level of exposure to cross-site scripting attack while visiting a website
Cross-site scripting (XSS) vulnerabilities occur when data get into web application through an untrusted source, mainly a web request, and the data are included in dynamic content that is sent to a web user as the HTTP response without being validated for the malicious script
Summary
The Internet has witnessed tremendous growth in the volume, nature, and channel of information exchange across several media irrespective of distance or location. Malicious injection of the code within vulnerable web applications to trick users and redirect them to untrusted websites is called cross-site scripting (XSS). Is could occur with the use of special characters to cause web browser interpreters to switch from data context to code context It is exhibited through aws in the application code, inappropriate user input authorization, or nonadherence to security standards by software developers. We propose a fuzzy-based approach for the detection of DOM-based XSS vulnerabilities in web applications. (i) Selection and implementation of DOM-based features for XSS detection using the OWASP web application security guideline (ii) Application of the fuzzy logic inference system to web application vulnerability detection (iii) Implementation of the user interface for users to have a verdict on their level of exposure to cross-site scripting attack while visiting a website.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
