Web sanitization from malicious code injection attacks

Hussein Alnabulsi; Rafiqul Islam

doi:10.1007/978-3-319-98776-7_27

Web sanitization from malicious code injection attacks

Hussein Alnabulsi, Rafiqul Islam

Research output: Book chapter/Published conference paper › Conference paper › peer-review

1 Citation (Scopus)

Abstract

We propose a new methodology to sanitize web pages to prevent code injection attacks. One of a common programming error that usually happens in the web application is using of an improper encoding method to sanitize the source code of the web page. Our methodology provides a proper encoding method to the webpages which have an improper encoding of untrusted data, so it can stop and prevent code injection attacks caused by improper encoding of untrusted data from occurring. Our framework is an automatic encoding method to sanitize web browser contains multiple interpreters, such as: JavaScript, CSS, HTML, and URI. In this methodology we also need to detect zero- day attack (XSS vulnerabilities) which may not be detected by detection tools. Our methodology can prevent a many types of code injection vulnerabilities, such as: XSS injection vulnerabilities. There is a study that sponsored by Google showed that thirty percent usage of encoding method is incorrect. This incorrect encoding leads to code injection vulnerabilities in the webpages. In some encoding cases we should utilize more than one encoding method in the context, such as: URI and JavaScript encoding methods.

Original language	English
Title of host publication	International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018
Subtitle of host publication	Applications and Techniques in Cyber Security and Intelligence
Editors	Mohammed Atiquzzaman, Zheng Xu, Jemal Abawajy, Kim-Kwang Raymond Choo, Rafiqul Islam
Publisher	Springer-Verlag London Ltd.
Pages	251-261
Number of pages	11
ISBN (Print)	9783319987750
DOIs	https://doi.org/10.1007/978-3-319-98776-7_27
Publication status	Published - 2019
Event	International Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018 - Shanghai Univeristy, Shanghai, China Duration: 11 Jul 2018 → 13 Jul 2018 https://web.archive.org/web/20180909204616/http://www.atci2018.com/index.html https://researchoutput.csu.edu.au/admin/files/37226362/37225002_Published_Paper.pdf (proceedings preface and index)

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	842
ISSN (Print)	2194-5357

Conference

Conference	International Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018
Country/Territory	China
City	Shanghai
Period	11/07/18 → 13/07/18
Internet address	https://web.archive.org/web/20180909204616/http://www.atci2018.com/index.html https://researchoutput.csu.edu.au/admin/files/37226362/37225002_Published_Paper.pdf (proceedings preface and index)

Access to Document

10.1007/978-3-319-98776-7_27

Cite this

Alnabulsi, H., & Islam, R. (2019). Web sanitization from malicious code injection attacks. In M. Atiquzzaman, Z. Xu, J. Abawajy, K.-K. R. Choo, & R. Islam (Eds.), International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 : Applications and Techniques in Cyber Security and Intelligence (pp. 251-261). (Advances in Intelligent Systems and Computing; Vol. 842). Springer-Verlag London Ltd.. https://doi.org/10.1007/978-3-319-98776-7_27

Alnabulsi, Hussein ; Islam, Rafiqul. / Web sanitization from malicious code injection attacks. International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 : Applications and Techniques in Cyber Security and Intelligence. editor / Mohammed Atiquzzaman ; Zheng Xu ; Jemal Abawajy ; Kim-Kwang Raymond Choo ; Rafiqul Islam. Springer-Verlag London Ltd., 2019. pp. 251-261 (Advances in Intelligent Systems and Computing).

@inproceedings{3152bd1ba95247fbbe48a7e391ab8823,

title = "Web sanitization from malicious code injection attacks",

abstract = "We propose a new methodology to sanitize web pages to prevent code injection attacks. One of a common programming error that usually happens in the web application is using of an improper encoding method to sanitize the source code of the web page. Our methodology provides a proper encoding method to the webpages which have an improper encoding of untrusted data, so it can stop and prevent code injection attacks caused by improper encoding of untrusted data from occurring. Our framework is an automatic encoding method to sanitize web browser contains multiple interpreters, such as: JavaScript, CSS, HTML, and URI. In this methodology we also need to detect zero- day attack (XSS vulnerabilities) which may not be detected by detection tools. Our methodology can prevent a many types of code injection vulnerabilities, such as: XSS injection vulnerabilities. There is a study that sponsored by Google showed that thirty percent usage of encoding method is incorrect. This incorrect encoding leads to code injection vulnerabilities in the webpages. In some encoding cases we should utilize more than one encoding method in the context, such as: URI and JavaScript encoding methods.",

keywords = "Code injection attack, Encoding, Sanitization, XSS attack",

author = "Hussein Alnabulsi and Rafiqul Islam",

note = "Includes bibliographical references.; International Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018 ; Conference date: 11-07-2018 Through 13-07-2018",

year = "2019",

doi = "10.1007/978-3-319-98776-7_27",

language = "English",

isbn = "9783319987750",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer-Verlag London Ltd.",

pages = "251--261",

editor = "Mohammed Atiquzzaman and Zheng Xu and Jemal Abawajy and Choo, {Kim-Kwang Raymond} and Rafiqul Islam",

booktitle = "International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018",

address = "Germany",

url = "https://web.archive.org/web/20180909204616/http://www.atci2018.com/index.html, https://researchoutput.csu.edu.au/admin/files/37226362/37225002_Published_Paper.pdf",

}

Alnabulsi, H & Islam, R 2019, Web sanitization from malicious code injection attacks. in M Atiquzzaman, Z Xu, J Abawajy, K-KR Choo & R Islam (eds), International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 : Applications and Techniques in Cyber Security and Intelligence. Advances in Intelligent Systems and Computing, vol. 842, Springer-Verlag London Ltd., pp. 251-261, International Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018, Shanghai, China, 11/07/18. https://doi.org/10.1007/978-3-319-98776-7_27

Web sanitization from malicious code injection attacks. / Alnabulsi, Hussein; Islam, Rafiqul.
International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 : Applications and Techniques in Cyber Security and Intelligence. ed. / Mohammed Atiquzzaman; Zheng Xu; Jemal Abawajy; Kim-Kwang Raymond Choo; Rafiqul Islam. Springer-Verlag London Ltd., 2019. p. 251-261 (Advances in Intelligent Systems and Computing; Vol. 842).

Research output: Book chapter/Published conference paper › Conference paper › peer-review

TY - GEN

T1 - Web sanitization from malicious code injection attacks

AU - Alnabulsi, Hussein

AU - Islam, Rafiqul

N1 - Includes bibliographical references.

PY - 2019

Y1 - 2019

N2 - We propose a new methodology to sanitize web pages to prevent code injection attacks. One of a common programming error that usually happens in the web application is using of an improper encoding method to sanitize the source code of the web page. Our methodology provides a proper encoding method to the webpages which have an improper encoding of untrusted data, so it can stop and prevent code injection attacks caused by improper encoding of untrusted data from occurring. Our framework is an automatic encoding method to sanitize web browser contains multiple interpreters, such as: JavaScript, CSS, HTML, and URI. In this methodology we also need to detect zero- day attack (XSS vulnerabilities) which may not be detected by detection tools. Our methodology can prevent a many types of code injection vulnerabilities, such as: XSS injection vulnerabilities. There is a study that sponsored by Google showed that thirty percent usage of encoding method is incorrect. This incorrect encoding leads to code injection vulnerabilities in the webpages. In some encoding cases we should utilize more than one encoding method in the context, such as: URI and JavaScript encoding methods.

AB - We propose a new methodology to sanitize web pages to prevent code injection attacks. One of a common programming error that usually happens in the web application is using of an improper encoding method to sanitize the source code of the web page. Our methodology provides a proper encoding method to the webpages which have an improper encoding of untrusted data, so it can stop and prevent code injection attacks caused by improper encoding of untrusted data from occurring. Our framework is an automatic encoding method to sanitize web browser contains multiple interpreters, such as: JavaScript, CSS, HTML, and URI. In this methodology we also need to detect zero- day attack (XSS vulnerabilities) which may not be detected by detection tools. Our methodology can prevent a many types of code injection vulnerabilities, such as: XSS injection vulnerabilities. There is a study that sponsored by Google showed that thirty percent usage of encoding method is incorrect. This incorrect encoding leads to code injection vulnerabilities in the webpages. In some encoding cases we should utilize more than one encoding method in the context, such as: URI and JavaScript encoding methods.

KW - Code injection attack

KW - Encoding

KW - Sanitization

KW - XSS attack

UR - http://www.scopus.com/inward/record.url?scp=85056817272&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056817272&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-98776-7_27

DO - 10.1007/978-3-319-98776-7_27

M3 - Conference paper

AN - SCOPUS:85056817272

SN - 9783319987750

T3 - Advances in Intelligent Systems and Computing

SP - 251

EP - 261

BT - International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018

A2 - Atiquzzaman, Mohammed

A2 - Xu, Zheng

A2 - Abawajy, Jemal

A2 - Choo, Kim-Kwang Raymond

A2 - Islam, Rafiqul

PB - Springer-Verlag London Ltd.

T2 - International Conference of Applications and Techniques in Cyber Intelligence, ATCI 2018

Y2 - 11 July 2018 through 13 July 2018

ER -

Alnabulsi H, Islam R. Web sanitization from malicious code injection attacks. In Atiquzzaman M, Xu Z, Abawajy J, Choo KKR, Islam R, editors, International Conference on Applications and Techniques in Cyber Security and Intelligence ATCI 2018 : Applications and Techniques in Cyber Security and Intelligence. Springer-Verlag London Ltd. 2019. p. 251-261. (Advances in Intelligent Systems and Computing). Epub 2018 Nov 5. doi: 10.1007/978-3-319-98776-7_27

Web sanitization from malicious code injection attacks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this