Definitely Secure Bank (DSB) is a web application designed to model digital banking financial transactions. In its early stages of development, the DSB application has several security vulnerabilities, including a non-persistent (reflected) Cross-Site Scripting (XSS) vulnerability on the web help page and a Cross-Site Request Forgery (CSRF) vulnerability in the financial transaction process. In the DSB application, as in other modern web applications, the most common vulnerabilities encountered are those that enable XSS and CSRF attacks. An XSS attack occurs when an attacker successfully injects malicious JavaScript into a web page so that it executes in the user's browser, whereas a CSRF attack tricks a user into sending unwanted requests to a website the user trusts. This study aims to analyze frontend security vulnerabilities in DSB and to implement solutions that prevent them. The analysis is carried out by identifying vulnerable points in the application and evaluating their potential for exploitation. The proposed solution for XSS is to apply input sanitization to all user-entered data on the help page; sanitization removes malicious scripts from the data before the system processes it. To prevent CSRF attacks, the proposed solution is to use CSRF tokens for transactions on DSB. A CSRF token is an encrypted random value that is added to each HTTP request and verified by the server. Implementing these solutions can improve DSB security and prevent exploitation of the XSS and CSRF vulnerabilities.
Copyright © 2024