Approaches to Detect and Prevent Cross-Site Scripting Attacks on Websites: A Survey

Bharti Nagpal*, Naresh Chauhan**, Nanhay Singh***
* Assistant Professor (CSE Dept.), AIACT&R, Govt. of NCT of Delhi, India.
** Professor (CSE Dept.), YMCAUST, Faridabad, Haryana, India.
*** Associate Professor (CSE Dept.), AIACT&R, Govt. of NCT of Delhi, India.
Periodicity: September - November 2013
DOI : https://doi.org/10.26634/jit.2.4.2542

Abstract

The expansion of the Internet has made web applications a part of everyday life. The number of incidents that exploit web application vulnerabilities is increasing day by day. Due to the growth of networks and the Internet, many offline services have been converted to online services, and most online services today consist of web services. The ability to access the web from any place at any time is a great advantage. However, as the popularity of the web increases, attacks on the web increase as well, and most attacks on the web target vulnerabilities in web applications. This paper surveys the most prominent XSS-related issues, and the detection/prevention techniques and tools proposed for them in the last decade. These vulnerabilities are researched and analyzed by OWASP (Open Web Application Security Project) [1], which tracks the most common failures on websites. Cross-Site Scripting (XSS) attacks are a type of injection problem in which malicious scripts are injected into trusted web sites.
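The injection problem the abstract describes, shown as an added example that is not code from the paper: a minimal server-side template reflects an untrusted request value into HTML by string concatenation, beside the same template with context-appropriate output encoding (the prevention approach the surveyed literature converges on). The sample inputs are constructed, the handler names are hypothetical, and the only library used is Python's standard `html.escape`. Two checks, one for unexpected tags and one for unexpected attributes, play the role of a detection step so the difference between the two renderings is measurable rather than eyeballed.

```python
"""Reflected XSS: vulnerable rendering beside its hardened form (added example).

Nothing here comes from the surveyed paper; the handlers and inputs are constructed
for illustration only.
"""
import html
import re

# Constructed test inputs. The second contains markup a browser would execute
# if it reached the page unencoded; the third tries to close an attribute value.
SAMPLE_INPUTS = [
    "alice",
    "<script>/* constructed test input */</script>",
    '" onmouseover="x',
]

# Tags the fixed template legitimately emits; anything else is injected.
TEMPLATE_TAGS = {"html", "body", "h1"}


def render_vulnerable(name):
    """Element context, no encoding: the untrusted value becomes markup."""
    return f"<html><body><h1>Welcome, {name}</h1></body></html>"


def render_hardened(name):
    """Element context with HTML-entity encoding: the value stays text."""
    safe = html.escape(name, quote=True)
    return f"<html><body><h1>Welcome, {safe}</h1></body></html>"


def render_vulnerable_attr(name):
    """Attribute context, no encoding: a quote in the value escapes the attribute."""
    return f'<input type="text" value="{name}">'


def render_hardened_attr(name):
    """Attribute context: quote=True encodes both quote characters as entities."""
    safe = html.escape(name, quote=True)
    return f'<input type="text" value="{safe}">'


def injected_tags(rendered):
    """Detection check: tag names present in the page that the template never emits."""
    found = re.findall(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)", rendered)
    return [t.lower() for t in found if t.lower() not in TEMPLATE_TAGS]


def attribute_names(rendered):
    """Detection check: attribute names the browser would see on the rendered tag."""
    return re.findall(r'\b([A-Za-z][\w-]*)="', rendered)


if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print("input:", repr(value))
        print("  vulnerable tags injected:", injected_tags(render_vulnerable(value)))
        print("  hardened   tags injected:", injected_tags(render_hardened(value)))
        print("  vulnerable attributes   :", attribute_names(render_vulnerable_attr(value)))
        print("  hardened   attributes   :", attribute_names(render_hardened_attr(value)))
```

The point of keeping two render contexts is that encoding is context-sensitive: entity encoding is the right tool inside element content and quoted attribute values, but a value placed into a URL, a JavaScript string, or a CSS property needs that context's own encoder, which is why several of the surveyed approaches classify sanitization by the output context rather than treating escaping as a single filter.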

Keywords

Cross-Site Scripting Attacks, Static Binding, Dynamic Binding, Detection, Prevention, Scripting Languages, HTML

How to Cite this Article?

Nagpal, B., Chauhan, N., and Singh, N. (2013). Approaches to Detect and Prevent Cross-Site Scripting Attacks On Websites: A Survey. i-manager’s Journal on Information Technology, 2(4), 36-43. https://doi.org/10.26634/jit.2.4.2542

References

[1]. The Open Web Application Security Project. OWASP Top 10 Project. http://www.owasp.org/.
[2]. Fabien Duchene, Roland Groz, Sanjay Rawat and Jean-Luc Richier. (2012). XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing. Proceedings of the 5th International IEEE Conference on Software Testing, Verification and Validation. April; Montreal, Canada.
[3]. Yu Sun and Dake He. (2012). Model Checking for the Defense against Cross-site Scripting Attacks. Proceedings of the International IEEE Conference on Computer Science and Service System. August 11-13; Nanjing.
[4]. Lwin Khin Shar and Hee Beng Kuan Tan. (2012). Mining Input Sanitization Patterns for Predicting SQL Injection and Cross Site Scripting Vulnerabilities. Proceedings of the 34th International IEEE Conference on Software Engineering. June 2-9; Zurich.
[5]. Lwin Khin Shar and Hee Beng Kuan Tan. (2012). Defending against Cross-Site Scripting Attacks. IEEE Computer Society, Vol. 45, Issue 3, pp. 55-62.
[6]. R. Priyadarshini, D. Jagadiswaree, A. Fareedha and M. Janarthanan. (2011). A Cross Platform Intrusion Detection System using Inter Server Communication Technique. Proceedings of the International IEEE Conference on Recent Trends in Information Technology. June 3-5; Chennai, Tamil Nadu.
[7]. Andrea Avancini and Mariano Ceccato. (2011). Security Testing of Web Applications: A Search Based Approach for Cross-Site Scripting Vulnerabilities. Proceedings of the 11th International IEEE Working Conference on Source Code Analysis and Manipulation. Sept 25-26; Williamsburg, VI.
[8]. Rattipong Putthacharoen and Pratheep Bunyatnoparat. (2011). Protecting Cookies from Cross Site Script Attacks Using Dynamic Cookies Rewriting Technique. Proceedings of the International IEEE Conference on Advanced Communication Technology. Feb 13-16; Seoul.
[9]. Qianjie Zhang, Hao Chen and Jianhua Sun. (2010). An Execution-flow Based Method for Detecting Cross-Site Scripting Attacks. Proceedings of the 2nd International IEEE Conference on Software Engineering and Data Mining. June 23-25; Chengdu, China.
[10]. Mike Ter Louw and V.N. Venkatakrishnan. (2009). BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. Proceedings of the 30th IEEE Symposium on Security and Privacy. May 17-20; Berkeley, CA.
[11]. Adam Kieżun, Philip J. Guo, Karthick Jayaraman and Michael D. Ernst. (2008). Automatic Creation of SQL Injection and Cross-Site Scripting Attacks. MIT Computer Science and Artificial Intelligence Laboratory Technical Report (MIT-CSAIL). September 10.
[12]. Gary Wassermann and Zhendong Su. (2008). Static Detection of Cross-Site Scripting Vulnerabilities. Proceedings of the 30th International IEEE Conference on Software Engineering. May 10-18; Leipzig.
[13]. Jayamsakthi Shanmugam and M. Ponnavaikko. (2007). Behavior-based Anomaly Detection on the Server Side to Reduce the Effectiveness of Cross Site Scripting Vulnerabilities. In 3rd International IEEE Conference on Semantics, Knowledge and Grid. October 29-31; Shan Xi.
[14]. Jayamsakthi Shanmugam and M. Ponnavaikko. (2007). Risk Mitigation for Cross Site Scripting Attacks Using Signature Based Model on the Server Side. Proceedings of the 2nd International IEEE Multisymposium on Computer and Computational Sciences. August 13-15; Iowa City, IA.
[15]. Jayamsakthi Shanmugam and M. Ponnavaikko. (2007). A Solution to Block Cross Site Scripting Vulnerabilities Based on Service Oriented Architecture. Proceedings of the 6th International IEEE Conference on Computer and Information Science. July 11-13; Melbourne, Qld.
[16]. Shiuh-Jeng Wang, Yao-Han Chang, Wen-Ya Chiang and Wen-Shenq Juang. (2007). Investigations in Cross-site Script on Web-systems Gathering Digital Evidence against Cyber-Intrusions. Proceedings of the International IEEE Conference on Future Generation Communication and Networking. Dec 6-8; Jeju.
[17]. Florian Kerschbaum. (2007). Simple Cross-Site Attack Prevention. In 3rd International IEEE Conference on Security and Privacy in Communications Networks and the Workshops. Sept 17-21; Nice, France.