
dc.contributor.author: Schuckert, Felix
dc.contributor.author: Hildner, Max
dc.contributor.author: Katt, Basel
dc.contributor.author: Langweg, Hanno
dc.date.accessioned: 2019-03-22T12:30:53Z
dc.date.available: 2019-03-22T12:30:53Z
dc.date.created: 2019-01-09T16:38:38Z
dc.date.issued: 2018
dc.identifier.citation: Norsk Informasjonssikkerhetskonferanse (NISK). 2018, 11. [nb_NO]
dc.identifier.issn: 1893-6563
dc.identifier.uri: http://hdl.handle.net/11250/2591310
dc.description.abstract: To get a better understanding of Cross Site Scripting vulnerabilities, we investigated 50 randomly selected CVE reports which are related to open source projects. The vulnerable and patched source code was manually reviewed to find out what kind of source code patterns were used. Source code pattern categories were found for sources, concatenations, sinks, HTML context and fixes. Our resulting categories are compared to categories from CWE. A source code sample which might have led developers to believe that the data was already sanitized is described in detail. For the different HTML context categories, the necessary Cross Site Scripting prevention mechanisms are described. [nb_NO]
dc.language.iso: eng [nb_NO]
dc.publisher: Tapir Akademisk Forlag [nb_NO]
dc.title: Source Code Patterns of Cross Site Scripting in PHP Open Source Projects [nb_NO]
dc.type: Journal article [nb_NO]
dc.type: Peer reviewed [nb_NO]
dc.description.version: publishedVersion [nb_NO]
dc.source.pagenumber: 13 [nb_NO]
dc.source.volume: 11 [nb_NO]
dc.source.journal: Norsk Informasjonssikkerhetskonferanse (NISK) [nb_NO]
dc.identifier.doi: http://ojs.bibsys.no/index.php/NISK/article/view/576/492
dc.identifier.cristin: 1653564
dc.description.localcode: Proceedings of the 11th Norwegian Information Security Conference. https://ojs.bibsys.no/index.php/NISK/article/view/576 [nb_NO]
cristin.unitcode: 194,63,30,0
cristin.unitname: Institutt for informasjonssikkerhet og kommunikasjonsteknologi
cristin.ispublished: true
cristin.fulltext: original
cristin.qualitycode: 1

