Analysis of Mitigation Techniques to Prevent Cross Site Scripting Attack in the Web Applications
The three-tier architecture of the web was developed to help developers create flexible web applications that are accessed by millions of users across the world. These web applications are built using various technologies such as HTML, JavaScript, AJAX and XML. However, design-level vulnerabilities in these technologies result in security compromise for users. The security of these applications is therefore becoming an important issue for ensuring users' authentication and privacy. The cross-site scripting (XSS) attack is one exploitation of these vulnerabilities in web applications, and it results in the theft of users' credentials. This paper studies the XSS attack and then analyses the various mitigation techniques for preventing XSS attacks.
Keywords
Cross Site Scripting, Cookie, Web Vulnerability, Mitigation.