Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for ...Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.展开更多
With JavaScript being the most popular programming language on the web,several new JavaScript frameworks are released every year.A well designed framework may help developers create secure applications.The goal of our...With JavaScript being the most popular programming language on the web,several new JavaScript frameworks are released every year.A well designed framework may help developers create secure applications.The goal of our study is to understand how framework developers can best protect applications developed using their framework.In this work we studied how cross-site request forgery vulnerability is mitigated in several server-side JavaScript frameworks:Express.js,Koa.js,Hapi.js,Sails.js,and Meteor.js.We then analyzed open source applications developed with these frameworks using open source and custom written tools for automated static analysis and identified the percentage of protected applications for each framework.We correlated our analysis results to the implementation levels of mitigating controls in each framework and performed statistical analysis of our results to ensure no other confounding factors were involved.Based on the received outcomes we provide recommendations for framework developers on how to create frameworks that produce secure applications.展开更多
文摘Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.
文摘With JavaScript being the most popular programming language on the web,several new JavaScript frameworks are released every year.A well designed framework may help developers create secure applications.The goal of our study is to understand how framework developers can best protect applications developed using their framework.In this work we studied how cross-site request forgery vulnerability is mitigated in several server-side JavaScript frameworks:Express.js,Koa.js,Hapi.js,Sails.js,and Meteor.js.We then analyzed open source applications developed with these frameworks using open source and custom written tools for automated static analysis and identified the percentage of protected applications for each framework.We correlated our analysis results to the implementation levels of mitigating controls in each framework and performed statistical analysis of our results to ensure no other confounding factors were involved.Based on the received outcomes we provide recommendations for framework developers on how to create frameworks that produce secure applications.
