Analysis of Browser Level Defense Mechanisms to Prevent Cross Site Scripting Attacks
Context: Web Technologies were primarily designed to cater the need of ubiquitousness but the security concern has been overlooked and such overlooks resulted in vulnerabilities which are being highly exploited by hackers in various ways to compromise security. When a vulnerability is blocked, the attacker traces out a different mechanism to exploit it. Cross site scripting (XSS) attack is also an exploitation of one of the vulnerabilities existing in the web applications.
Objective: To conduct a study on XSS attacks and to analyze the various defense mechanisms provided at browser level to protect the web applications from XSS attacks.
Method: In the study of XSS attacks, various experiments have been performed to trace out the vulnerabilities in the JavaScript functions, html tags and their various attributes leading to Cross Site Scripting attacks on the local host server (XAMPP) and then defense mechanisms against XSS attacks which are provided at browser level have been evaluated in both modern web browsers and mobile browsers.
Results: Browser level defense approaches can mitigate Reflected XSS vulnerabilities, but the Stored and DOM based XSS vulnerabilities successfully by pass the prevention mechanisms provided at browser level.
Conclusion: XSS attack is emerging as one of the top 10 web application vulnerabilities leading to security breach. Although, the browsers can protect the web applications against the said vulnerability up to some extent, yet more research is required to enhance the browser functionality to protect the users of the web application against XSS vulnerability.
Keywords
Abstract Views: 241
PDF Views: 3