Assessment of dynamic open-source cross-site scripting filters for web application

3Citations
Citations of this article
9Readers
Mendeley users who have this article in their library.

Abstract

This study investigates open-source dynamic XSS filters used as security devices in web applications to account for the effectiveness of filters in protecting against XSS attacks. The experiment involves twelve representative filters, which are examined individually by placing them into the final output function of a custom-built single-input-form web application. To assess the effectiveness of the filters in their tasks of sanitizing XSS payloads and in preserving benign payloads, a black-box testing method is applied using an automated XSS testing framework. The result in working with malicious and benign payloads shows an important trade-off in the filters’ tasks. Because the filters that only check for dangerous or safe elements, they seem to neglect to validate their values. As some safe values are mistreated as dangerous elements, their benign payload function is lost in the way. For the filters to be more effective, it is suggested that they should be able to validate the respective values of malicious and benign payloads; thus, minimizing the trade-off. This particular assessment of XSS filters provides important insight regarding the filters that can be used to mitigate threats, including the possible configurations to improve them in handling both malicious and benign payloads.

Cite

CITATION STYLE

APA

Talib, N. A. A., & Doh, K. G. (2021). Assessment of dynamic open-source cross-site scripting filters for web application. KSII Transactions on Internet and Information Systems, 15(10), 3750–3770. https://doi.org/10.3837/tiis.2021.10.015

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free