Open Access Open Access  Restricted Access Subscription Access

Analysis of Browser Level Defense Mechanisms to Prevent Cross Site Scripting Attacks


Affiliations
1 Department of Computer Science & IT, University of Jammu, J & K, India
 

Context: Web Technologies were primarily designed to cater the need of ubiquitousness but the security concern has been overlooked and such overlooks resulted in vulnerabilities which are being highly exploited by hackers in various ways to compromise security. When a vulnerability is blocked, the attacker traces out a different mechanism to exploit it. Cross site scripting (XSS) attack is also an exploitation of one of the vulnerabilities existing in the web applications.

Objective: To conduct a study on XSS attacks and to analyze the various defense mechanisms provided at browser level to protect the web applications from XSS attacks.

Method: In the study of XSS attacks, various experiments have been performed to trace out the vulnerabilities in the JavaScript functions, html tags and their various attributes leading to Cross Site Scripting attacks on the local host server (XAMPP) and then defense mechanisms against XSS attacks which are provided at browser level have been evaluated in both modern web browsers and mobile browsers.

Results: Browser level defense approaches can mitigate Reflected XSS vulnerabilities, but the Stored and DOM based XSS vulnerabilities successfully by pass the prevention mechanisms provided at browser level.

Conclusion: XSS attack is emerging as one of the top 10 web application vulnerabilities leading to security breach. Although, the browsers can protect the web applications against the said vulnerability up to some extent, yet more research is required to enhance the browser functionality to protect the users of the web application against XSS vulnerability.


Keywords

Cross Site Scripting, Cookie, Web Vulnerability, Web Browser, Mobile Browser.
User
Notifications
Font Size

Abstract Views: 241

PDF Views: 3




  • Analysis of Browser Level Defense Mechanisms to Prevent Cross Site Scripting Attacks

Abstract Views: 241  |  PDF Views: 3

Authors

Haneet Kour
Department of Computer Science & IT, University of Jammu, J & K, India

Abstract


Context: Web Technologies were primarily designed to cater the need of ubiquitousness but the security concern has been overlooked and such overlooks resulted in vulnerabilities which are being highly exploited by hackers in various ways to compromise security. When a vulnerability is blocked, the attacker traces out a different mechanism to exploit it. Cross site scripting (XSS) attack is also an exploitation of one of the vulnerabilities existing in the web applications.

Objective: To conduct a study on XSS attacks and to analyze the various defense mechanisms provided at browser level to protect the web applications from XSS attacks.

Method: In the study of XSS attacks, various experiments have been performed to trace out the vulnerabilities in the JavaScript functions, html tags and their various attributes leading to Cross Site Scripting attacks on the local host server (XAMPP) and then defense mechanisms against XSS attacks which are provided at browser level have been evaluated in both modern web browsers and mobile browsers.

Results: Browser level defense approaches can mitigate Reflected XSS vulnerabilities, but the Stored and DOM based XSS vulnerabilities successfully by pass the prevention mechanisms provided at browser level.

Conclusion: XSS attack is emerging as one of the top 10 web application vulnerabilities leading to security breach. Although, the browsers can protect the web applications against the said vulnerability up to some extent, yet more research is required to enhance the browser functionality to protect the users of the web application against XSS vulnerability.


Keywords


Cross Site Scripting, Cookie, Web Vulnerability, Web Browser, Mobile Browser.