Visible to the public Biblio

Filters: Keyword is coding practices  [Clear All Filters]
2020-12-07
Lemes, C. I., Naessens, V., Vieira, M..  2019.  Trustworthiness Assessment of Web Applications: Approach and Experimental Study using Input Validation Coding Practices. 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE). :435–445.
The popularity of web applications and their world-wide use to support business critical operations raised the interest of hackers on exploiting security vulnerabilities to perform malicious operations. Fostering trust calls for assessment techniques that provide indicators about the quality of a web application from a security perspective. This paper studies the problem of using coding practices to characterize the trustworthiness of web applications from a security perspective. The hypothesis is that applying feasible security practices results in applications having a reduced number of unknown vulnerabilities, and can therefore be considered more trustworthy. The proposed approach is instantiated for the concrete case of input validation practices, and includes a Quality Model to compute trustworthiness scores that can be used to compare different applications or different code elements in the same application. Experimental results show that the higher scores are obtained for more secure code, suggesting that it can be used in practice to characterize trustworthiness, also providing guidance to compare and/or improve the security of web applications.
2018-02-15
Zalbina, M. R., Septian, T. W., Stiawan, D., Idris, M. Y., Heryanto, A., Budiarto, R..  2017.  Payload recognition and detection of Cross Site Scripting attack. 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). :172–176.

Web Application becomes the leading solution for the utilization of systems that need access globally, distributed, cost-effective, as well as the diversity of the content that can run on this technology. At the same time web application security have always been a major issue that must be considered due to the fact that 60% of Internet attacks targeting web application platform. One of the biggest impacts on this technology is Cross Site Scripting (XSS) attack, the most frequently occurred and are always in the TOP 10 list of Open Web Application Security Project (OWASP). Vulnerabilities in this attack occur in the absence of checking, testing, and the attention about secure coding practices. There are several alternatives to prevent the attacks that associated with this threat. Network Intrusion Detection System can be used as one solution to prevent the influence of XSS Attack. This paper investigates the XSS attack recognition and detection using regular expression pattern matching and a preprocessing method. Experiments are conducted on a testbed with the aim to reveal the behaviour of the attack.