Journal: International Journal of Computer Science and Information Technologies
Electronic ISSN: 0975-9646
Publication year: 2015
Volume: 6
Issue: 2
Pages: 1196-1203
Publisher: TechScience Publications
Abstract: In the modern technological epoch, internet advancement is at its peak and web services are moving from static towards dynamic web pages. To serve these demands, websites hold many applications that open the door to several script languages. Cross-site scripting (XSS) attacks, in turn, exploit a wide variety of script languages and various programming techniques that can easily breach the security of a website. This paper presents a model of XSS-obliterator, which supplements security at the client/server side with a two-way filter mechanism and delivers a platform-independent solution to provide security against the enormous number of variants of XSS attack. To address the security issues, an open-source PHP-based website is evaluated for its exposure to XSS vectors injected in input fields, the URL and the source code, using two commercial browsers. As a result of the evaluation, the vulnerable sections of the website are declared as high or low recommendation for the proposed model. Considering the extracted artifacts, an experiment has been conducted on the website using the proposed model for detecting and sanitizing all the variants of XSS vectors.