Volume 14 Number 11 (Nov. 2019)
JSW 2019 Vol.14(11): 530-547 ISSN: 1796-217X
doi: 10.17706/jsw.14.11.530-547

Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach

John Velandia*, Jessica Ortiz, Julian Sierra, Roger Guzman
Faculty of Engineering, Universidad Católica de Colombia, Bogotá, Colombia.

Abstract—RESTful services are concerned with the integration of software systems using HTTP as a base. Research studies addressing security assessments of JAX-RS are scarce, even more so for Cross Site Scripting (XSS), a type of attack that consists of stealing data or phishing. Thus, the aim of this paper is to present an assessment of the vulnerabilities in JAX-RS implementations when an XSS attack is involved. The assessment comprises: (1) selection of attack methods; (2) programming and assessing attacks through dynamic programming and recursive methods; (3) identifying the vulnerabilities by means of a mathematical model, which determines the level of security of implementations. As a proof of concept, a prototype is implemented to demonstrate how the guideline is applied. Additionally, controls are proposed for every vulnerability identified.

Index Terms—JAX-RS, RESTful services, vulnerability, security, cross site scripting, dynamic programming, Apache CXF, RestEasy, Jersey, Restlet.


Cite: John Velandia*, Jessica Ortiz, Julian Sierra, Roger Guzman, "Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach," Journal of Software, vol. 14, no. 11, pp. 530-547, 2019.
