University of Bahrain
Scientific Journals

Enhance MOODLE Security Against XSS Vulnerabilities

Show simple item record Barhoom, Tawfiq S. Azaiza, Rola J. 2018-07-09T10:22:02Z 2018-07-09T10:22:02Z 2016-09-01
dc.identifier.issn 2210-142X
dc.description.abstract MOODLE (Modular Object-oriented Dynamic Learning Environment) is one of the most popular e-learning environment in the world, MOODLE is same as web application that vulnerable to illegal attacks so, the need for confidentiality, Integrity and availability in e-learning is extremely complex problem to meet the security requirements. One of the serious attacks to the MOODLE is cross site Scripting (XSS). XSS is a web application vulnerability that occurs whenever a web application takes data from user without proper encoding or validation and sends it to the browser. XSS allow attacker to executes scripts that can hijack victims session and deface web sites. MOODLE resources (file, page and student's assignment) are still vulnerable to XSS attacks. For this we need to secure the MOODLE against XSS attacks to keep both teachers and students accounts secure. A lot of researches have handled XSS attacks in CMS but most of these researches have a little attention on XSS attacks on MOODLE. So, we discussed some of PHP's functions that used to prevent XSS attacks. Additionally we conducted a comparative study between four published XSS filters to determine their weaknesses, then RT_XSS_Cln filter was developed to prevent XSS attacks and overcome the other filters weaknesses. RT_XSS_Cln filter is written using PHP language its evaluated by performing offline and online testing. Offline testing is done by nearly 80 files contain nearly 1000 malicious scripts, while online testing is done by plugging RT_XSS_Cln on the MOODLE from both sides teacher's side and students' side to protect both of them. RT_XSS_Cln filter catch all the tested malicious scripts also RT_XSS_Cln filter is faster than the other filters it has a little processing mean time than the others nearly 0.002s. en_US
dc.language.iso en en_US
dc.publisher University of Bahrain en_US
dc.rights Attribution-NonCommercial-ShareAlike 4.0 International *
dc.rights.uri *
dc.subject Filter en_US
dc.subject MOODLE en_US
dc.subject XSS en_US
dc.subject Malicious files en_US
dc.subject web applications en_US
dc.subject www en_US
dc.subject e-learning en_US
dc.title Enhance MOODLE Security Against XSS Vulnerabilities en_US
dc.type Article en_US
dc.volume 05
dc.issue 05
dc.source.title International Journal of Computing and Digital Systems
dc.abbreviatedsourcetitle IJCDS

Files in this item

The following license files are associated with this item:

This item appears in the following Issue(s)

Show simple item record

Attribution-NonCommercial-ShareAlike 4.0 International Except where otherwise noted, this item's license is described as Attribution-NonCommercial-ShareAlike 4.0 International

All Journals

Advanced Search


Administrator Account