fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Hanhijoki, Heikki", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-05-11T05:19:38Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-05-11T05:19:38Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/86877", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Cross-site scripting (XSS) -haavoittuvuudet ovat olleet merkitt\u00e4v\u00e4 uhka web-sovelluksille jo yli kahden vuosikymmenen ajan. XSS-haavoittuvuudet ovat s\u00e4ilytt\u00e4neet paikkansa yleisimmin havaittujen web-sovellushaavoittuvuuksien tilastoissa siit\u00e4 huolimatta, ett\u00e4 tarjolla on yh\u00e4 kehittyneempi\u00e4 teknologioita web-sovellusten ja verkkosivujen kehitt\u00e4miseen. Web-sis\u00e4ll\u00f6nhallintaj\u00e4rjestelm\u00e4t ovat merkitt\u00e4v\u00e4ss\u00e4 roolissa modernien verkkosivujen julkaisussa, ja suuri osa Internetiss\u00e4 sijaitsevista sivustoista onkin luotu k\u00e4ytt\u00e4en kyseisi\u00e4 j\u00e4rjestelmi\u00e4. T\u00e4ss\u00e4 pro gradu -tutkielmassa perehdyttiin siihen, kuinka XSS-haavoittuvuuksia k\u00e4sitell\u00e4\u00e4n web-sis\u00e4ll\u00f6nhallintaj\u00e4rjestelmien dokumentaatiossa, sek\u00e4 kartoitettiin dokumentaatiossa esiintyvi\u00e4 keinoja puolustautua XSS-haavoittuvuuksia vastaan. Kirjallisuuskatsauksessa tunnistettiin joukko keinoja, joilla XSS-haavoittuvuuksia voidaan ehk\u00e4ist\u00e4. 
N\u00e4m\u00e4 jakautuivat l\u00e4hdekoodin tasolla suoritettavaan k\u00e4ytt\u00e4j\u00e4n sy\u00f6tteen erityyppiseen prosessointiin, sovellus- ja palvelinkonfiguraatioiden tuomaan lis\u00e4turvaan, sek\u00e4 web-sovelluspalomuurin (WAF) k\u00e4ytt\u00e4miseen. Kirjallisuuskatsauksen perusteella sovelluskehitt\u00e4jien keskuudessa esiintyy kuitenkin haasteita valikoida sovelluksiinsa sopivat puolustusmekanismit XSS:n kaltaisten haavoittuvuuksien ehk\u00e4isemiseksi. Tutkimustuloksissa havaittiin web-sis\u00e4ll\u00f6nhallintaj\u00e4rjestelmien dokumentaation sis\u00e4lt\u00e4v\u00e4n ohjeistusta XSS-haavoittuvuuksien ehk\u00e4isyst\u00e4 sek\u00e4 j\u00e4rjestelmien ydinsovellukselle ett\u00e4 niihin kehitett\u00e4ville lis\u00e4osille. J\u00e4rjestelm\u00e4dokumentaatiossa ehdotetuissa XSS-haavoittuvuuksien torjuntakeinoissa havaittiin keskitytt\u00e4v\u00e4n enimm\u00e4kseen k\u00e4ytt\u00e4j\u00e4n sy\u00f6tteen turvalliseen k\u00e4sittelyyn erilaisin kirjallisuudessakin tunnistetuin metodein. Ohjeistuksen kattavuudessa ja johdonmukaisuudessa n\u00e4htiin kuitenkin vaihtelua sek\u00e4 j\u00e4rjestelmien ett\u00e4 puolustusmekanismien v\u00e4lill\u00e4.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Cross-site scripting (XSS) vulnerabilities have been a significant threat for web applications for over two decades. XSS vulnerabilities have retained their position as one of the most commonly found web application vulnerabilities despite the availability of more advanced technologies for developing web applications and websites. Web content management systems have a significant role in the creation of modern websites, and a large amount of the sites on the Internet have been built using such systems. 
In this master\u2019s thesis, the ways in which XSS vulnerabilities are addressed in the documentation of web content management systems were studied, alongside mapping the methods by which such vulnerabilities can be defended against according to the documentation. A set of XSS prevention measures was recognized in a literature review. These were grouped into proper source code level handling of user input, additional security provided by software and server configurations and the use of a web application firewall (WAF). According to the literature review, software developers are still facing challenges with choosing suitable defenses against vulnerabilities such as cross-site scripting. From the results of the study, it was discovered that the documentation of web content management systems does give guidance on mitigating XSS vulnerabilities in the core of the systems and in their extensions. The recommended defenses against XSS vulnerabilities were found to be focused on the safe handling of user input with different methods. Varying coverage and coherence of the documented guidance was, however, discovered from the results in two distinct areas, between the systems and the XSS-preventive measures.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-05-11T05:19:38Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-05-11T05:19:38Z (GMT). No. 
of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "55", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "xss", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "cms", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "wcms", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "cross-site scripting", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "content management systems", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Cross-site scripting (XSS) vulnerability prevention in open-source web content management system documentation", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202305112956", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", 
"element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", 
"language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sis\u00e4ll\u00f6nhallinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sovellusohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "haavoittuvuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkosivustot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "WWW-sivut", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "content management", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "applications (computer programmes)", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "vulnerability", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "websites", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "web pages", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. 
Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/collections/archival-workstation).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema..", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
|