Home Code-injection Vulnerabilities in Web Applications — Exemplified at Cross-site Scripting
Article
Licensed
Unlicensed Requires Authentication

Code-injection Vulnerabilities in Web Applications — Exemplified at Cross-site Scripting

  • Martin Johns
Published/Copyright: September 20, 2011
it - Information Technology
From the journal Volume 53 Issue 5

Abstract

Cross-site Scripting (XSS) is one of the most prevalent vulnerability types that affect Web applications. This article provides an overview of a dissertation, which addresses the problem XSS as a whole: It starts with a systematic deduction of causes and consequences of XSS, proceeds with presenting countermeasures to mitigate potential XSS-based attacks, and finally provides a type-based methodology that guarantees the creation of XSS-free applications.

Zusammenfassung

Cross-site Scripting (XSS) ist eine der häufigsten Verwundbarkeitstypen im Bereich der Web Anwendungen. Die in diesem Artikel vorgestellte Dissertation behandelt das Problem XSS ganzheitlich: Basierend auf einer systematischen Erarbeitung der Ursachen und potentiellen Konsequenzen von XSS, wird zunächst eine Methodik vorgestellt, die das Design von dynamischen Gegenmaßnahmen zur Angriffseingrenzung erlaubt. Weiterhin, um das unterliegende Problem grundsätzlich anzugehen, wird ein Typ-basierter Ansatz zur sicheren Programmierung von Web Anwendungen beschrieben, der zuverlässigen Schutz vor XSS Lücken garantiert.

Keywords: security; code injection; web application
* Correspondence address: SAP Research, Vincenz-Priessnitz-Straße 1, 76131 Karl , Deutschland,
Published Online: 2011-09-20
Published in Print: 2011-09

© by Oldenbourg Wissenschaftsverlag, Karlsruhe, Germany

Articles in the same Issue

  1. Data Management in Life Sciences
  2. Informatics and Translational Medical Research: Challenges and Developments
  3. Data Management in Large Collaborative Biology Research Projects
  4. Das Informationssystem MetaCrop zur Unterstützung systembiologischer Forschung an Kulturpflanzen
  5. Data Warehouses in Bioinformatics: Integration of Molecular Biological Data
  6. KASTEL — An Application-Driven Center of Excellence for IT Security
  7. Code-injection Vulnerabilities in Web Applications — Exemplified at Cross-site Scripting
https://doi.org/10.1524/itit.2011.0651
Keywords for this article
security; code injection; web application

Articles in the same Issue

  1. Data Management in Life Sciences
  2. Informatics and Translational Medical Research: Challenges and Developments
  3. Data Management in Large Collaborative Biology Research Projects
  4. Das Informationssystem MetaCrop zur Unterstützung systembiologischer Forschung an Kulturpflanzen
  5. Data Warehouses in Bioinformatics: Integration of Molecular Biological Data
  6. KASTEL — An Application-Driven Center of Excellence for IT Security
  7. Code-injection Vulnerabilities in Web Applications — Exemplified at Cross-site Scripting
Sign up now to receive a 20% welcome discount
Institutional Access
How does access work?
Have an idea on how to improve our website?
Please write us.
© 2025 De Gruyter Brill
Downloaded on 14.9.2025 from https://www.degruyterbrill.com/document/doi/10.1524/itit.2011.0651/html
Scroll to top button