Risks induced by Web applications on smart cards

The evolution of new smart cards with improved processing power and memory size makes it possible to integrate a web server. This provides a way to simplify the integration of smart card to all existing equipments using standard protocols. However it opens up the possibilities to existing Web attacks that exploit Web application vulnerabilities. In this paper, we focus on the most common and dangerous attack named cross site scripting (XSS) and we propose solutions to prevent and check if the Web application is well developed by applying secured development methodology.