Volume 14 Number 11 (Nov. 2019)
Home > Archive > 2019 > Volume 14 Number 11 (Nov. 2019) >
JSW 2019 Vol.14(11): 530-547 ISSN: 1796-217X
doi: 10.17706/jsw.14.11.530-547

Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach

John Velandia*, Jessica Ortiz , Julian Sierra, Roger Guzman
Faculty of Engineering, Universidad Cato lica de Colombia, Bogota , Colombia.

Abstract—Restful services are concerned with the integration of software systems using HTTP as base. Research studies addressing security assessments over JAX-RS are scarce, even more in Cross Site Scripting (XSS), which is a sort of attack that consists of stealing data or phishing. Thus, the aim of this paper is to present an assessment of the vulnerabilities over JAX-RS implementations when a XSS attack is involved. The assessment comprises: (1) selection of attack methods, (2) programming and assessing of attacks throughout dynamic programming and recursive methods; (3) identifying the vulnerabilities by means of a mathematical model, which determines the level of security of implementations. As a proof of concept, a prototype is implemented to demonstrate how the guideline is applied. Additionally, controls are proposed for every vulnerability identified.

Index Terms—JAX-RS, Restful services, vulnerability, security, cross site scripting, dynamic programming, apache CXF, RestEasy, Jersey, Restlet.

[PDF]

Cite: John Velandia*, Jessica Ortiz , Julian Sierra, Roger Guzman, "Cross Site Scripting Vulnerabilities in JAX-RS: A Security Approach," Journal of Software vol. 14, no. 11, pp. 530-547, 2019.

General Information

ISSN: 1796-217X (Online)
Frequency: Monthly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsw@iap.org
  • Dec 06, 2019 News!

    Vol 14, No 1- Vol 14, No 4 has been indexed by EI (Inspec)   [Click]

  • Nov 18, 2019 News!

    Papers published in JSW Vol 14, No 1- Vol 14 No 10 have been indexed by DBLP     [Click]

  • Dec 06, 2019 News!

     Vol 13, No 10- Vol 13, No 12 has been indexed by EI (Inspec)   [Click]

  • Aug 01, 2018 News!

    [CFP] 2020 the annual meeting of JSW Editorial Board, ICCSM 2020, will be held in Rome, Italy, July 17-19, 2020   [Click]

  • Jun 25, 2019 News!

    Vol.13, No.9 has been indexed by EI (Inspec).   [Click]