Refine your search
Collections
Co-Authors
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Md Sultan, Abu Bakar
- Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines
Abstract Views :120 |
PDF Views:0
Authors
Affiliations
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang - 43400 UPM, Selangor, MY
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Serdang - 43400 UPM, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 8, No 30 (2015), Pagination:Abstract
Software security vulnerabilities are present in many web applications and have led to many successful attacks on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to eliminate. Most solutions provided only focus on preventing attacks or detecting the vulnerabilities. Very few research works have addressed eliminating these vulnerabilities from the web applications source codes. In this paper, we propose an approach to remove cross-site scripting vulnerabilities from the source code before an application is deployed. We make use of the OWASP cross-site scripting prevention rules as guideline in our approach. The proposed approach is, so far, only implemented and validated on Java-based Web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluation results have indicated promising results.Keywords
Cross-Site Scripting, Software Security, Vulnerability RemovalFull Text
- Cross-Site Scripting Detection Based on an Enhanced Genetic Algorithm
Abstract Views :140 |
PDF Views:0
Authors
Affiliations
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM, Serdang - 43400, Selangor, MY
1 Department of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM, Serdang - 43400, Selangor, MY
Source
Indian Journal of Science and Technology, Vol 8, No 30 (2015), Pagination:Abstract
Software security vulnerabilities have led to many successful attacks on applications, especially web applications, on a daily basis. These attacks, including cross-site scripting, have caused damages for both web site owners and users. Cross-site scripting vulnerabilities are easy to exploit but difficult to mitigate. Many solutions have been proposed for their detection. However, the problem of cross-site scripting vulnerabilities present in web applications still persists. In this paper, we propose to explore an approach based on genetic algorithms that will be able to detect cross-site scripting vulnerabilities in the source code before an application is deployed. The proposed approach is, so far, only implemented and validated on Java-based web applications, although it can be implemented in other programming languages with slight modifications. Initial evaluations have indicated promising results.Keywords
Cross-Site Scripting, Genetic Algorithm, Software Security, Vulnerability DetectionFull Text
- Asynchronous Web Technology in Online Counselling System
Abstract Views :227 |
PDF Views:0
Authors
Affiliations
1 Faculty of Computer Science and Information Technology, University Putra Malaysia
1 Faculty of Computer Science and Information Technology, University Putra Malaysia
Source
Indian Journal of Science and Technology, Vol 11, No 20 (2018), Pagination:Abstract
Objectives: To identify the users’ requirements of the Online Counselling System, to develop an AJAX-based Online Counselling System based on the analysed requirements and to measure its effectiveness. Methods / Statistical Analysis: This research work comprises a series of studies. Firstly, the questionnaire survey was conducted to understand the users’ requirements. The target respondents were students at a university in Malaysia and 170 participated in this study. Secondly, the development of an AJAX-based Online Counselling System based on the analysis users’ requirements and lastly, the evaluation of the developed Online Counselling System through the usability testing, conducted to see its effectiveness. Findings: Finding a research work that specifically measuring an AJAX-based application in terms of users’ satisfaction is lacking and could not be located. Therefore, this research work was conducted to measure an AJAX-based application system. In this study, we have used the usability testing as the user-centered technique to measure the effectiveness of the AJAX-based Online Counselling System. The Online Counselling System is an interactive and responsive application act as an alternative platform to the face-to-face counselling approach. There are four components covered in usability testing, namely, learnability, efficiency, memorability and satisfaction. The result shows that the Online Counselling System has met the user requirements, measured based on these four criteria. This could only be achieved through the use of AJAX approach development that provides a minimal page reloading and very suitable for an interactive web-based application system. This research work finding provides the evidence that the AJAX architecture principle offers a great promise for developers to develop a more interactive and responsive application without compromising on performance of the applicationKeywords
Asynchronous Web Technology, Counselling, Online Counselling System, AJAX, XMLBROWSERFull Text