| dc.contributor.author | Schuckert, Felix | |
| dc.contributor.author | Hildner, Max | |
| dc.contributor.author | Katt, Basel | |
| dc.contributor.author | Langweg, Hanno | |
| dc.date.accessioned | 2019-03-22T12:30:53Z | |
| dc.date.available | 2019-03-22T12:30:53Z | |
| dc.date.created | 2019-01-09T16:38:38Z | |
| dc.date.issued | 2018 | |
| dc.identifier.citation | Norsk Informasjonssikkerhetskonferanse (NISK). 2018, 11 . | nb_NO |
| dc.identifier.issn | 1893-6563 | |
| dc.identifier.uri | http://hdl.handle.net/11250/2591310 | |
| dc.description.abstract | To get a better understanding of Cross Site Scripting vulnerabilities, we investigated 50 randomly selected CVE reports which are related to open source projects. The vulnerable and patched source code was manually reviewed to find out what kind of source code patterns were used. Source code pattern categories were found for sources, concatenations, sinks, HTML context and fixes. Our resulting categories are compared to categories from CWE. A source code sample which might have led developers to believe that the data was already sanitized is described in detail. For the different HTML context categories, the necessary Cross Site Scripting prevention mechanisms are described. | nb_NO |
| dc.language.iso | eng | nb_NO |
| dc.publisher | Tapir Akademisk Forlag | nb_NO |
| dc.title | Source Code Patterns of Cross Site Scripting in PHP Open Source Projects | nb_NO |
| dc.type | Journal article | nb_NO |
| dc.type | Peer reviewed | nb_NO |
| dc.description.version | publishedVersion | nb_NO |
| dc.source.pagenumber | 13 | nb_NO |
| dc.source.volume | 11 | nb_NO |
| dc.source.journal | Norsk Informasjonssikkerhetskonferanse (NISK) | nb_NO |
| dc.identifier.doi | | |
| dc.identifier.cristin | 1653564 | |
| dc.description.localcode | Proceedings of the 11th Norwegian Information Security Conference. https://ojs.bibsys.no/index.php/NISK/article/view/576 | nb_NO |
| cristin.unitcode | 194,63,30,0 | |
| cristin.unitname | Institutt for informasjonssikkerhet og kommunikasjonsteknologi | |
| cristin.ispublished | true | |
| cristin.fulltext | original | |
| cristin.qualitycode | 1 | |
