A comparative analysis of Cross Site Scripting (XSS) detecting and defensive techniques

Web applications are now widely used in fields such as finance, e-commerce and healthcare, so they must be well secured. Web applications may contain vulnerabilities that attackers exploit to steal users' credentials. Cross Site Scripting (XSS) is a critical vulnerability affecting web application security. An XSS attack injects malicious script code into the web application, either on the client side, within the user's browser, or on the server side, within the database; the malicious script is written in JavaScript and is injected through untrusted input data to the web application. This study discusses the XSS attack, its taxonomy and its incidence, and presents the mechanisms used to detect and prevent XSS attacks.
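As an added illustration of the injection the abstract describes (example code written here, not taken from the paper or from any of the techniques it surveys): one untrusted parameter is echoed into three output contexts, first by raw concatenation and then with an encoding chosen per context as the defence. The sample input and the `render_*`, `encode_*` and `script_tag_count` functions are constructed for this demo.

```python
"""Reflected XSS sink versus context-aware output encoding (added example)."""
import html
import json

# Constructed sample input: closes an attribute and carries a script element.
SAMPLE_INPUT = '"><script>x=1</script>'


def render_vulnerable(term: str) -> str:
    """Echo the search term unencoded into HTML body, attribute and JS string."""
    return (
        f"<p>Results for {term}</p>"
        f'<input value="{term}">'
        f"<script>var q = '{term}';</script>"
    )


def encode_html(value: str) -> str:
    """HTML body and quoted-attribute context: escape & < > \" and '."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """JavaScript string-literal context: JSON-quote the value, then replace
    < and > with \\u escapes so the HTML parser never sees a tag inside
    the <script> element, whatever the value contains."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_hardened(term: str) -> str:
    """Same page, with the encoder matched to each output context."""
    return (
        f"<p>Results for {encode_html(term)}</p>"
        f'<input value="{encode_html(term)}">'
        f"<script>var q = {encode_js_string(term)};</script>"
    )


def script_tag_count(page: str) -> int:
    """Crude check used by the demo: number of <script openings in the page.
    The page legitimately contains exactly one."""
    return page.lower().count("<script")


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_INPUT))   # four <script openings
    print(render_hardened(SAMPLE_INPUT))     # one <script opening
```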
