Cross Site Scripting Vulnerabilities and Defences: A Review
نویسندگان
چکیده
With the advancement in the internet technology since last two decades, the dependence on web applications has increased rapidly. All the facilities are nowadays available online at the ease of just one click. As a result, Web applications are prone to cyber-attacks which has major consequences such as theft of personal secure data and information tampering by 'Cookie stealing' or 'Session Hijacking'. Cross site scripting is one of the most common application layer web attacks and security vulnerability. This paper provides review of the concept and the approaches provided for vulnerability detection, defence mechanism and security analysis. Keywords— XSS; Web Application Vulnerabilities; Crosssite Scripting; Security
منابع مشابه
Eliminating SQL Injection and Cross Site Scripting Using Aspect Oriented Programming
Security vulnerabilities in the web applications that we use to shop, bank, and socialize online expose us to exploits that cost billions of dollars each year. This paper describes the design and implementation of AspectShield, a system designed to mitigate the most common web application vulnerabilities without requiring costly and potentially dangerous modifications to the source code of vuln...
متن کاملToward A Taxonomy of Techniques to Detect Cross-site Scripting and SQL Injection Vulnerabilities
Since 2002, over half of reported cyber vulnerabilities are caused by input validation vulnerabilities . Over 50 % of input validation vulnerabilities were cross-site scripting and SQL injection vulnerabilities in 2006, based on the (US) National Vulnerability Database. Techniques to mitigate cross-site scripting and SQL injection vulnerabilities have been proposed. However, applying those tech...
متن کاملAn Empirical Study on the Effectiveness of Security Code Review
With the rise of the web as a dominant application platform, web security vulnerabilities are of increasing concern. Ideally, the web application development process would detect and correct these vulnerabilities before they are released to the public. This research aims to quantify the effectiveness of software developers at security code review as well as determine the variation in effectiven...
متن کاملA Web Developer's Guide to Cross-Site Scripting
Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerable to this attack method. Scripting attacks differ from other web application vulnerabilities because they attack an application’s users, not a...
متن کاملCurrent state of research on cross-site scripting (XSS) - A systematic literature review
Keywords: Systematic literature review Cross-site scripting Security Web applications a b s t r a c t Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature revie...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015