Mitigation of XSS Vulnerabilities in Add-ons for Cloud based Applications and a Forensic Framework for Investigating Incidents
Malik, Muhammad Saad (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024062623859
Abstract
The recent decade has witnessed a huge adoption of cloud among IT enterprises across the globe owing to its numerous advantages, including but not limited to scalability and flexibility, cost efficiency, disaster recovery and business continuity, and reduced maintenance. This has also brought to light several security issues, many of which have not yet been studied comprehensively, especially in the context of specific cloud applications being used in popular cloud environments such as Microsoft 365, Google Marketplace, Shopify, and Amazon Web Services. This thesis aims to study one of those security vulnerabilities, namely the Cross-site Scripting (XSS) attack, from both an offensive and defensive point of view.

The main research questions of this thesis are: what are the security architectures of popular cloud application suites; how can a Cross-site Scripting attack occur against cloud application users via vulnerable add-ons; and what are some good recommendations for cloud application developers and vendors to avoid such cases in future. Secondly, in case of an XSS-related security incident in a Security Operations Center, what frameworks are in practice for the security or DFIR analyst to follow in order to methodically investigate that attack, what are the pros and cons of each of these frameworks, and whether an improved version can be presented for a more comprehensive and systematic analysis. The research method used for this thesis is Literature Review, i.e. Systematic Review, which entails a comprehensive seven-step plan for conducting the research.

The systematic review carried out in this thesis, along with the empirical analysis of select add-ons from Microsoft 365, Google Marketplace and Shopify, has confirmed the presence of XSS vulnerabilities in a significant number of cloud application add-ons. Based on the results of this research, the recommendations for developers and vendors include rendering user input as text rather than HTML, using a Content Security Policy, and creating test items to check for XSS vulnerabilities throughout the development process. Furthermore, hardening the add-on iframe, implementing add-on logic in the add-on server rather than in client-side JavaScript, filtering scripts in user input, and not sharing access tokens that delegate all your permissions would prevent the exploitation of XSS vulnerabilities in cloud application add-ons. Secondly, the comparative analysis of forensic frameworks has revealed that the proposed framework is more comprehensive and systematic, and its adoption would reveal more meaningful insights into the investigation of the attack.
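Two of the recommendations in the abstract, rendering user input as text rather than HTML and shipping a Content Security Policy for the add-on iframe, are shown below as a small Node.js example. This is added illustration, not code from the thesis or from any of the add-ons it analysed; the sample input string, the `example-addon.invalid` hostname and the function names are constructed for the example.

```javascript
// Added example (not from the thesis): rendering user input as text, and
// building/checking a Content Security Policy for an add-on iframe.
// Written as plain functions so it runs in Node.js without a browser DOM.

// Constructed sample input: the kind of string a user might type into an add-on field.
const SAMPLE_INPUT = 'Hello <img src=x onerror="alert(1)"> & <b>world</b>';

// Render as text: escape the five characters that carry meaning in HTML so the
// browser displays them literally instead of parsing them as markup.
function renderAsText(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The unsafe path the abstract warns against: handing raw input to an HTML
// sink (innerHTML-style rendering) leaves the markup intact for the parser.
function renderAsHtml(input) {
  return String(input);
}

// True if a fragment still contains an opening or closing HTML tag.
function containsTag(fragment) {
  return /<\/?[a-z]/i.test(fragment);
}

// Build a restrictive CSP header value for an add-on iframe. The directive set is
// a typical hardened baseline; the API origin is a placeholder (assumption).
function buildCspHeader({ apiOrigin = 'https://api.example-addon.invalid', frameAncestors = ["'none'"] } = {}) {
  const directives = {
    'default-src': ["'self'"],
    'script-src': ["'self'"],          // no 'unsafe-inline': inline script is blocked
    'object-src': ["'none'"],
    'base-uri': ["'self'"],
    'connect-src': ["'self'", apiOrigin],
    'frame-ancestors': frameAncestors, // which hosts may embed the add-on
  };
  return Object.entries(directives).map(([k, v]) => `${k} ${v.join(' ')}`).join('; ');
}

// Check a policy string: does script-src permit inline scripts or any origin?
function cspAllowsInlineScript(csp) {
  const m = csp.match(/(?:^|;\s*)script-src\s+([^;]+)/);
  const sources = m ? m[1].trim().split(/\s+/) : [];
  return sources.includes("'unsafe-inline'") || sources.includes('*');
}

console.log('as text :', renderAsText(SAMPLE_INPUT));
console.log('as html :', renderAsHtml(SAMPLE_INPUT), '-> tag present:', containsTag(renderAsHtml(SAMPLE_INPUT)));
console.log('csp     :', buildCspHeader());
console.log('weak csp allows inline:', cspAllowsInlineScript("default-src *; script-src 'self' 'unsafe-inline'"));
```

The text-rendering path produces output that a browser shows as literal characters, which is why `containsTag` reports no tag for it, while the HTML path passes the `<img ...>` element through unchanged. The CSP check is the kind of "test item" the abstract suggests adding to the development process: it fails the build when someone adds `'unsafe-inline'` or `*` to `script-src`.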