XSS Vulnerabilities in Cloud-Application Add-Ons

Bui, Thanh; Rao, Siddharth Prakash; Antikainen, Markku; Aura, Tuomas

doi:10.1145/3320269.3384744

Cited by 6 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security-attack-based protections: Researchers have adapted several strategies to protect against several attacks, especially in a cloud-based system. Concerning cross-site scripting (XSS), Bui et al [ 17 ] found vulnerabilities in the APIs of cloud-based applications where external extensions might result in security flaws. For example, adversaries could exploit cloud services’ document sharing and messaging aspects to deliver malicious input.…”

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.

show abstract

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Challenges related to improper access control: In their discussion of cloud add-ons, Bui et al [ 25 ] discussed instances where attackers may deliver malicious data to cloud services using their document-sharing and messaging capabilities. They mentioned to prevent add-ons from having unrestricted access to user information in the host application, cloud application suppliers often incorporate permission-based access control.…”

Section: Resultsmentioning

confidence: 99%

Access Control Design Practice and Solutions in Cloud-Native Architecture: A Systematic Mapping Study

Rahaman

Tisha

Song

et al. 2023

Sensors

View full text Add to dashboard Cite

Protecting the resources of a cloud-native application is essential to meet an organization’s security goals. Cloud-native applications manage thousands of user requests, and an organization must employ a proper access control mechanism. However, unfortunately, developers sometimes grumble when designing and enforcing access decisions for a gigantic scalable application. It is sometimes complicated to choose the potential access control model for the system. Cloud-native software architecture has become an integral part of the industry to manage and maintain customer needs. A microservice is a combination of small independent services that might have hundreds of parts, where the developers must protect the individual services. An efficient access control model can defend the respective services and consistency. This study intends to comprehensively analyze the current access control mechanism and techniques utilized in cloud-native architecture. For this, we present a systematic mapping study that extracts current approaches, categorizes access control patterns, and provides developers guidance to meet security principles. In addition, we have gathered 234 essential articles, of which 29 have been chosen as primary studies. Our comprehensive analysis will guide practitioners to identify proper access control mechanisms applicable to ensuring security goals in cloud-native architectures.

show abstract

“…A common adopted classification is the one reported by OWASP itself that considers the location where untrusted data are supplied and processed: client-side and server-side XSS. This classification is adopted by several included studies [79,111,121,128,142,153]. In this review, we propose a more comprehensive classification based on the source of the vulnerability causing the attacks.…”

Section: Results Of the Search And Selection Processesmentioning

confidence: 99%

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Hannousse¹,

Yahiouche²,

Nait-Hamoud³

2022

Preprint

View full text Add to dashboard Cite

Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications. Since its reveal in late 1999 by Microsoft security engineers, several techniques have been developed in the aim to secure web navigation and protect web applications against XSS attacks. The problem became worse with the emergence of advanced web technologies such as Web services and APIs and new programming styles such as AJAX, CSS3 and HTML5. While new technologies enable complex interactions and data exchanges between clients and servers in the network, new programming styles introduce new and complicate injection flaws to web applications. XSS has been and still in the TOP 10 list of web vulnerabilities reported by the Open Web Applications Security Project (OWASP). Consequently, handling XSS attacks became one of the major concerns of several web security communities. In this paper, we contribute by conducting a systematic mapping and a comprehensive survey. We summarize and categorize existent endeavors that aim to protect against XSS attacks and develop XSS-free web applications. The present review covers 147 high quality published studies since 1999 including early publications of 2022. A comprehensive taxonomy is drawn out describing the different techniques used to prevent, detect, protect and defend against XSS attacks. Although the diversity of XSS attack types and the scripting languages that can be used to state them, the systematic mapping revealed a remarkable bias toward basic and JavaScript XSS attacks and a dearth of vulnerability repair mechanisms. The survey highlighted the limitations, discussed the potentials of existing XSS attack defense mechanisms and identified potential gaps.

show abstract

XSS Vulnerabilities in Cloud-Application Add-Ons

Cited by 6 publications

References 21 publications

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Access Control Design Practice and Solutions in Cloud-Native Architecture: A Systematic Mapping Study

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey

Contact Info

Product

Resources

About