An analysis of XSS, CSRF and SQL injection in colombian software and web site development

Álvarez, Elena; Correa, Daniel; Arango, I Fernando

doi:10.1109/eatis.2016.7520140

Cited by 7 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Reference [10] checked various Colombian websites against XSS, CSRF, and SQL Injection vulnerability. The team first identified "main Colombian economic sectors" from an article.…”

Section: Related Workmentioning

confidence: 99%

Measurement of Unsupported Applications used in Indonesia Popular Websites

Nugroho

Steven²

2021

Jurnal Ilmiah Teknik Elektro Komputer Dan Informatika

View full text Add to dashboard Cite

A security vulnerability exists in unsupported systems, and using applications supported by their maintainer help to reduce attacks based on such vulnerabilities. However, website administrators may ignore this exercise due to various reasons. This research measures the top 1,500 websites in Indonesia on how much of them are using supported applications to prevent such attacks, based on the application version number. The measurement is performed automatically using the Wappalyzer tool. From such measurement, we found that most of the applications detected do not contain version information (70%) or invalid version number (11%). We also found that more than half of the websites measured contain at least one unsupported application. In terms of the applications used, we found that many Nginx users worryingly do not keep their server version updated, while Apache and WordPress did a good job in keeping their users using the most recent version. This study highlights the need for website administrators to have their applications up to date to the supported versions, as well as for application developers to promote application updates to their users.

show abstract

“…Reference [10] checked various Colombian websites against XSS, CSRF, and SQL Injection vulnerability. The team first identified "main Colombian economic sectors" from an article.…”

Section: Related Workmentioning

confidence: 99%

Measurement of Unsupported Applications used in Indonesia Popular Websites

Nugroho

Steven²

2021

Jurnal Ilmiah Teknik Elektro Komputer Dan Informatika

View full text Add to dashboard Cite

show abstract

“…Данная уязвимость также может эксплуатироваться совместно с XSS-атаками. В работе [13] авторы дали определения XSS, CSRF и описали их сходства и различия.…”

Section: основные понятия и принципыunclassified

Models and scenarios of implementation of threats for internet resources

Lesko

2020

Rossijskij tehnologičeskij žurnal

View full text Add to dashboard Cite

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.

show abstract