Detection and Removing Cross Site Scripting Vulnerability in PHP Web Application

Cross Site Scripting (XSS) vulnerability is one of the most widespread security issues in web applications. A review of the literature on XSS vulnerability shows that many investigations have focused only on XSS vulnerability detection, while few studies have concentrated on removing XSS vulnerability. This paper adds a removal stage to our previous approach for detecting XSS vulnerability, so that the approach both detects and removes XSS vulnerability from PHP source code. We conducted two experiments to detect and remove Reflected and Stored XSS vulnerability. The results show that our approach is able to detect and remove XSS vulnerability in PHP source code. More research is required in the field of removing XSS vulnerability from application source code before deployment.
