Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application
- Title
- Assessment of Dynamic Open-source Cross-site Scripting Filters for Web Application
- Author
- 도경구
- Keywords
- Cross-site scripting; filters; open-source; web application; security; assessment
- Issue Date
- 2021-10
- Publisher
- KSII-KOR SOC INTERNET INFORMATION
- Citation
- KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, v. 15, NO 10, Page. 3750-3770
- Abstract
- This study investigates open-source dynamic XSS filters used as security devices in web
applications to account for the effectiveness of filters in protecting against XSS attacks. The
experiment involves twelve representative filters, which are examined individually by placing
them into the final output function of a custom-built single-input-form web application. To
assess the effectiveness of the filters in their tasks of sanitizing XSS payloads and in preserving
benign payloads, a black-box testing method is applied using an automated XSS testing
framework. The results of working with malicious and benign payloads show an important
trade-off in the filters' tasks. Because the filters only check for dangerous or safe elements,
they seem to neglect to validate their values. As some safe values are mistreated as dangerous
elements, their benign payload function is lost along the way. For the filters to be more effective,
it is suggested that they should be able to validate the respective values of malicious and benign
payloads, thus minimizing the trade-off. This particular assessment of XSS filters provides
important insight regarding the filters that can be used to mitigate threats, including the
possible configurations to improve them in handling both malicious and benign payloads.
- URI
- https://kiss.kstudy.com/thesis/thesis-view.asp?key=3909481
- https://repository.hanyang.ac.kr/handle/20.500.11754/169877
- ISSN
- 1976-7277
- DOI
- 10.3837/tiis.2021.10.015
- Appears in Collections:
- ETC[S] > Research Information