Development of Content Security Policy Detection and Reporting Web Application
DOI:
https://doi.org/10.24203/ijcit.v12i1.309Keywords:
Web Application Security, Content Security Policy, Features/Permission PolicyAbstract
Attacks detection and prevention is becoming progressively challenging, in Web Application. The Web Applications requisite attack detection interface that can check about the services, analyzed obviate studies, and perform real time monitoring to secure the web applications. There are esteemed threats use for data hack and website defacement such as XSS (Cross-Site Scripting), XSRF (Cross-Ste Request Forgery), XEE (XML External Entity), Code Injections, DOS(Denial of Services) etc. The number of XSS has been increasing with high intensity, so it is compulsory to develop solutions that can detect and report attacks as well as analyze for prevention of modern web applications. Based on this situation this paper proposed a method which is Content Security Policy for detection and reporting vulnerable web applications. Content Security Policy also prevents the exploitation of cross-site scripting vulnerabilities.
References
Chen, H.-C., Nshimiyimana, A., Damarjati, C., & Chang, P.-H. (2021). Detection and prevention of cross-site scripting attack with combined approaches. 2021 International Conference on Electronics, Information, and Communication (ICEIC).
Weichselbaum, L., Spagnuolo, M., Lekies, S., & Janc, A. (2016). CSP is dead, long live CSP! on the insecurity of Whitelists and the future of content security policy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.
Hoffman, A. (2020). Web application security: Exploitation and countermeasures for modern web applications. O'Reilly Media.
Muzaki, R. A., Briliyant, O. C., Hasditama, M. A., & Ritchi, H. (2020). Improving security of web-based application using ModSecurity and reverse proxy in web application firewall. 2020 International Workshop on Big Data and Information Security (IWBIS).
Stamm, S., Sterne, B., & Markham, G. (2010). Reining in the web with content security policy. Proceedings of the 19th International Conference on World Wide Web - WWW '10.
Lavrenovs, A., & Melon, F. J. (2018). HTTP security headers analysis of top one million websites. 2018 10th International Conference on Cyber Conflict (CyCon).
Lepofsky, R. (2014). Web application vulnerabilities and countermeasures. The Manager's Guide to Web Application Security: 47-79.
Calzavara, S., Rabitti, A., & Bugliesi, M. (2016). Content security problems? Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.
Stamm, S., Sterne, B., & Markham, G. (2010). Reining in the web with content security policy. Proceedings of the 19th International Conference on World Wide Web - WWW '10. https://doi.org/10.1145/1772690.1772784
Johari, R., & Sharma, P. (2012). A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL Injection. 2012 International Conference on Communication Systems and Network Technologies.
Sahin, M., & Sogukpinar, I. (2017). An efficient firewall for web applications (EFWA). 2017 International Conference on Computer Science and Engineering (UBMK).
Shrivastava, A., Choudhary, S., & Kumar, A. (2016). XSS vulnerability assessment and prevention in web application. 2016 2nd International Conference on Next Generation Computing Technologies (NGCT).
Yusof, I., & Pathan, A.-S. K. (2014). Preventing persistent cross-site scripting (XSS) attack by applying pattern filtering approach. The 5th International Conference on Information and Communication Technology for The Muslim World (ICT4M).
Babiker, M., Karaarslan, E., & Hoscan, Y. (2018). Web application attack detection and forensics: A survey. 2018 6th International Symposium on Digital Forensic and Security (ISDFS).
Huang, H.-C., Zhang, Z.-K., Cheng, H.-W., & Shieh, S. W. (2017). Web application security: Threats, countermeasures, and Pitfalls. Computer, 50(6), 81-85.
Hadpawat, T., & Vaya, D. (2017). Analysis of prevention of XSS attacks at client side. International Journal of Computer Applications, 173(10), 1-4.
Some, D. F., Bielova, N., & Rezk, T. (2017). On the content security policy violations due to the same-origin policy. Proceedings of the 26th International Conference on World Wide Web.
Patil, K., & Shah, R. (2018). A measurement study of the sub resource integrity mechanism on real-world applications. International Journal of Security and Networks, 13(2), 129.
S.Choudhary, A., & L. Dhore, M. (2012). CIDT: Detection of malicious code injection attacks on web application. International Journal of Computer Applications, 52(2), 19-26.
Mitropoulos, D., Louridas, P., Polychronakis, M., & Keromytis, A. D. (2019). Defending against web application attacks: Approaches, challenges and implications. IEEE Transactions on Dependable and Secure Computing, 16(2), 188-203.
Yadav, D., Gupta, D., Singh, D., Kumar, D., & Sharma, U. (2018). Vulnerabilities and security of web applications. 2018 4th International Conference on Computing Communication and Automation (ICCCA).
Products - content security policy. Report URI. (n.d.). Retrieved May 14, 2022, from https://report-uri.com/products/content_security_policy
OWASP, "OWASP Top Ten," OWASP, 2020. [Online]. Available: https://owasp.org/www-project-top-ten/. [Accessed 31 07 2020].
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Mahwish Naz, Kilhung Lee
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
The articles published in International Journal of Computer and Information Technology (IJCIT) is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.