Web Application Security: An Investigation on Static Analysis with other Algorithms to Detect Cross Site Scripting

Marashdih, Abdalla Wasef; Zaaba, Zarul Fitri; Suwais, Khaled; Mohd, Nur Azimah

doi:10.1016/j.procs.2019.11.230

Cited by 21 publications

(9 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Menindaklanjuti kebutuhan ini, aplikasi akan dibangun dengan berbasis web dan menerapkan metode WDLC (Web Development Life Cycle) untuk pengembangan aplikasi. Pemilihan web didasarkan pada kebutuhan organisasi, anggapan bahwa web saat ini dianggap sebagai platform standar untuk melakukan peluncuran berbagai layanan pada web [10]. Selain hal itu, keuntungan dari aplikasi web yakni tersedia secara bebas, dapat diakses melalui perangkat apapun [11] dan dalam penerapannya, karena tidak memerlukan perangkat lunak atau konfigurasi khusus yang perlu dilakukan oleh klien [12].…”

Section: Pendahuluanunclassified

Rancang Bangun Aplikasi Naskah Dinas Elektronik Berbasis Web Menggunakan WDLC

Febriyani¹,

Hadiprakoso²

2021

ULTIMA InfoSys

View full text Add to dashboard Cite

In the modern era of technological development, the application of electronic official script management is a solution to the administrative and communication challenges of agencies during the pandemic, such as today, where administrative work needs to be done from home (work from home). With the condition of a high level of need, the management of official manuscripts in the XYZ organization still uses conventional methods. So, this raises obstructed letter distribution and loss documents problem, and waste of paper use. We propose the Electronic Service Manuscript Management Application to replace the official script management process that previously applied conventional methods to using electronic methods to solve this problem. Besides, we also implement security aspects in the SHA-512 algorithm to fulfill authentication, AES-128 to meet confidentiality, and RSA2048 to meet integrity and non-repudiation. Apart from the security aspect, functionally, the system is built based on the Guidelines for Electronic Service Manuscripts, which are tailored to the organization's needs. The system development uses the Web Development Life Cycle (WDLC) methodology using the Yii2 framework. From the research results, it is concluded that the Electronic Service Manuscript Management Application has been built according to the needs of the organization and can be a security alternative in the official script management process. Index Terms—digital signature; encryption; official script management; WDLC

show abstract

Section: Pendahuluanunclassified

Rancang Bangun Aplikasi Naskah Dinas Elektronik Berbasis Web Menggunakan WDLC

Febriyani¹,

Hadiprakoso²

2021

ULTIMA InfoSys

View full text Add to dashboard Cite

show abstract

“…This is not friendly to programmers, and coders are more willing to see problems in the source code pointed out directly. Moreover, in this regard, the dynamic nature of fuzzing also leads to code coverage issues is inevitable [30].…”

Section: Xss Vulnerability Detectionmentioning

confidence: 99%

Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining

Wang

Miao

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

The largest number of cybersecurity attacks is on web applications, in which Cross-Site Scripting (XSS) is the most popular way. The code audit is the main method to avoid the damage of XSS at the source code level. However, there are numerous limits implementing manual audits and rule-based audit tools. In the age of big data, it is a new research field to assist the manual auditing through machine learning. In this paper, we propose a new way to audit the XSS vulnerability in PHP source code snippets based on a PHP code parsing tool and the machine learning algorithm. We analyzed the operation sequence of source code and built a model to acquire the information that is most closely related to the XSS attack in the data stream. The method proposed can significantly improve the recall rate of vulnerability samples. Compared with related audit methods, our method has high reusability and excellent performance. Our classification model achieved an F1 score of 0.92, a recall rate of 0.98 (vulnerable sample), and an area under curve (AUC) of 0.97 on the test dataset.

show abstract

“…Gambar 2. Alur metodologi WebML [10] III. METODOLOGI Pada penelitian ini metodologi penelitian yang digunakan adalah penelitian kualitatif dengan metode pengembangan perangkat lunak Web Modelling Language (WebML).…”

Section: Landasan Teoriunclassified

Rancang Bangun Aplikasi Rekapitulasi Obat dengan Menerapkan Tanda Tangan Digital

Rahmawati¹,

Hadiprakoso²

2020

ULTIMA InfoSys

View full text Add to dashboard Cite

The current condition experienced by the XYZ Polyclinic is that there is no application built to simplify the service process contained in the polyclinic so that all service processes are still manual. An example is the calculation of the number of drugs that are in and out of use. This calculation takes a long time, is prone to errors in accounting, and consumes many papers. To solve this problem, we develop an application to recap drugs. The drug recapitulation application is based on a website with the WebML method using the CodeIgniter framework and MySQL database. The application produces the result in the form of a PDF file of the drug recapitulation report per month and day. As a security feature, the monthly drug recapitulation report results include a digital signature as proof of authentication, integrity, and anti-denial. The application built has been tested using web testing methods and user acceptance testing to be applied.

show abstract

Web Application Security: An Investigation on Static Analysis with other Algorithms to Detect Cross Site Scripting

Cited by 21 publications

References 16 publications

Rancang Bangun Aplikasi Naskah Dinas Elektronik Berbasis Web Menggunakan WDLC

Rancang Bangun Aplikasi Naskah Dinas Elektronik Berbasis Web Menggunakan WDLC

Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining

Rancang Bangun Aplikasi Rekapitulasi Obat dengan Menerapkan Tanda Tangan Digital

Contact Info

Product

Resources

About