Identifying Cross Site Scripting Vulnerabilities in Web Applications
WSE '04 Proceedings of the Web Site Evolution, Sixth IEEE International Workshop
A software flaw taxonomy: aiming tools at security
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Software security assurance tools, techniques and metrics (SSATTM)
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in
eclipse '06 Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
| Hi-index | 0.00 |
It has been found that almost 70% of the recent attacks in Web Applications have been carried out even when the systems have been protected with well laid Firewalls and Intrusion Detection Systems. Advisories sites report that more than 20% of the attacks have originated from Cross Site Scripting (XSS) vulnerabilities. Our analysis has shown that more than 40% of the vulnerabilities that are confirmed in Common Vulnerability Exposures (CVE), were based on PHP Script in the year 2006. Out of these PHP based vulnerabilities, 45% are classified under XSS. By organizing these errors into a simple taxonomy and mapping CVE with the Common Weakness Enumeration (CWE) of Mitre Corp, we have constructed a Common XSS vulnerability Enumeration (CXE). With the help of CXE, security practitioners can recognize the common types of developer patterns leading to coding errors in PHP, that result in XSS vulnerability, while developers can identify and rectify existing errors as they build software.