Web sanitization from malicious code injection attacks

Hussein Alnabulsi, Rafiqul Islam

Research output: Book chapter/Published conference paperConference paperpeer-review

1 Citation (Scopus)


We propose a new methodology to sanitize web pages to prevent code injection attacks. One of a common programming error that usually happens in the web application is using of an improper encoding method to sanitize the source code of the web page. Our methodology provides a proper encoding method to the webpages which have an improper encoding of untrusted data, so it can stop and prevent code injection attacks caused by improper encoding of untrusted data from occurring. Our framework is an automatic encoding method to sanitize web browser contains multiple interpreters, such as: JavaScript, CSS, HTML, and URI. In this methodology we also need to detect zero- day attack (XSS vulnerabilities) which may not be detected by detection tools. Our methodology can prevent a many types of code injection vulnerabilities, such as: XSS injection vulnerabilities. There is a study that sponsored by Google showed that thirty percent usage of encoding method is incorrect. This incorrect encoding leads to code injection vulnerabilities in the webpages. In some encoding cases we should utilize more than one encoding method in the context, such as: URI and JavaScript encoding methods.

Original languageEnglish
Title of host publicationInternational Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018
Subtitle of host publicationApplications and Techniques in Cyber Security and Intelligence
EditorsMohammed Atiquzzaman, Zheng Xu, Jemal Abawajy, Kim-Kwang Raymond Choo, Rafiqul Islam
PublisherSpringer-Verlag London Ltd.
Number of pages11
ISBN (Print)9783319987750
Publication statusPublished - 2019
EventInternational Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018 - Shanghai Univeristy, Shanghai, China
Duration: 11 Jul 201813 Jul 2018
https://researchoutput.csu.edu.au/admin/files/37226362/37225002_Published_Paper.pdf (proceedings preface and index)

Publication series

NameAdvances in Intelligent Systems and Computing
ISSN (Print)2194-5357


ConferenceInternational Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018
Internet address


Dive into the research topics of 'Web sanitization from malicious code injection attacks'. Together they form a unique fingerprint.

Cite this