期刊名称:International Journal of Computer Science and Engineering
印刷版ISSN:2278-9960
电子版ISSN:2278-9979
出版年度:2020
卷号:7
期号:7
页码:8-18
DOI:10.14445/23488387/IJCSE-V7I7P102
出版社:IASET Journals
摘要:Currently, we live in an era of information and communication technology (ICT) in which humans are globally connected with each other through Internet. With the advent of World Wide Web (WWW), Internet has enabled numerous useful applications for the benefit of people around the world. These include online shopping, e-learning, internet banking, social interactions, etc. However, security of web applications has always remain a major concern of its users in general and prevention from hacking attacks in particular. Although, an adversary might attack on web applications by exploiting several hacking techniques, but in recent years Cross-Site Scripting (XSS) and Cross-site Request Forgery (XSRF) attacks has got significant attention from the researchers. According to Open Web Application Security Project (OWASP), XSS attack is amongst the top ten web application vulnerabilities (Mahindrakar, 2014; Cross-site Scripting, 2015). XSS might result in several types of threats, such as phishing, pop-up flooding, session hijacking, etc. The focus of this research is analysis, detection and/or prevention of XSS attacks. In contrast to earlier work on XSS attacks, this research provides a solution that is browser compatible and web development language independent. And our approach will provide zero code modification of already running web applications, equally beneficial for providing prevention to legacy systems.
关键词:Cross Site Scripting; Algorithm ;Scripting Attacks; Vulnerabilities; Prevention and Detection; SQL Injection; Security Misconfiguration; Maliciuos Attacks; Broken Authentication and Session Management; Cross Site Request forgery
