Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd
DOI:
https://doi.org/10.24002/ijis.v3i2.4192
Keywords:
Cross Site Scripting (XSS), web application security, OWASP Security Shepherd
Abstract
Web applications are needed as a way to use internet technology that can be accessed globally: they can display content-rich information, are cost effective and easy to use, and can be accessed by anyone, anytime and anywhere. In the second quarter of 2020, We Are Social reported around 4.54 billion internet users worldwide, a penetration of 59%. People have become very dependent on the internet and on technology, a condition that was also driven by the Covid-19 pandemic.
One issue in web application security is internet attacks on website platforms that exploit vulnerabilities we never expected. One type of attack or security threat that arises often is Cross Site Scripting (XSS). XSS is listed in the Open Web Application Security Project (OWASP) Top 10.
There are several alternatives that we can use to prevent cyber-attacks. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use to simulate the role of OWASP Security Shepherd in detecting XSS. The purpose of this paper is to conduct a brief and clear review of the technology in OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.
License
Indonesian Journal of Information Systems, as the journal publisher, holds the copyright of papers published in this journal. Authors transfer the copyright of their journal by filling in the Copyright Transfer Form and sending it to Indonesian Journal of Information Systems.
Indonesian Journal of Information Systems is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.