Cross-Site Scripting (XSS) in Web Application Store Security

 




 

Chiew, Chin Shoong (2020) Cross-Site Scripting (XSS) in Web Application Store Security. Final Year Project (Bachelor), Tunku Abdul Rahman University College.

Abstract

Cross-site scripting (XSS) is one of the most popular vulnerabilities in web applications, as it has been listed in the OWASP Top 10 Most Critical Web Application Security Risks from 2013 to 2017 (OWASP, 2017). The main objective of this project is to develop a web application that can prevent XSS attacks. For this project, a secure web application is developed to protect it from XSS vulnerabilities and some other security issues. In the developed web application, the .NET Framework and regular expressions are used to prevent three types of XSS attack: stored XSS, DOM-based XSS and reflected XSS. The tools used in this project are Visual Studio 2019, Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer. For this project, I have developed a web application which allows users to upload their files so that other people can download them. The functions of this web application consist of upload file, sign in, sign up, block developer, block file, download file, see login logs, view report, comment, reject developer, reject file, etc. The methodology used for this project is the waterfall model. This project used a questionnaire, made with Google Forms, as its requirement-gathering technique. In this project, many tests have been done so that the web application is able to prevent XSS attacks. Overall, this project has successfully fulfilled its objective by being able to protect against XSS attacks. Lastly, the weakness of this project is that the security features need to be constantly updated to ensure that new ways of launching XSS attacks can be prevented, so further improvement will need to be made in future for better prevention of XSS attacks, as the ways of launching XSS attacks might also be improved by attackers.

Item Type: Final Year Project
Subjects: Science > Computer Science
Technology > Technology (General) > Information technology. Information systems
Science > Computer Science > Websites
Faculties: Faculty of Computing and Information Technology > Bachelor of Information Technology (Honours) in Information Security
Depositing User: Library Staff
Date Deposited: 02 Mar 2021 16:23
Last Modified: 02 Mar 2021 16:23
URI: https://eprints.tarc.edu.my/id/eprint/16343