Detection of DOM-Based XSS Attack on Web Application

Ninawe, Shubhangi; Wajgi, Rakhi

doi:10.1007/978-3-030-28364-3_65

Shubhangi Ninawe⁵ &
Rakhi Wajgi⁵

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 33))

Included in the following conference series:

Intelligent Communication Technologies and Virtual Mobile Networks

1181 Accesses
4 Citations

Abstract

Cross-Site Scripting (XSS) is one of the huge issues of any Web-based or Online applications. In this attack, the attacker uses malicious code to intercept the information through users web application and sends it to the corresponding web server. This is possible because web browsers are capable of executing the instructions stored in Web pages. This enables the attackers to make use of this feature, so as to execute the malicious code in a user’s Web browsing application. This attack if happened, may result in very slow and poor web surfing. It is also capable of stealing the cookies, passwords and other personal information of the user. These kind of attacks are very easy in terms of implementation but the prevention or detection of this attack is a challenging task. In this paper firstly the existing research on the prevention of XSS is presented. Then a framework is proposed to detect the XSS, which can provide a legitimate solution for the mitigation of the attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Thopate, P., Bamm, P., Kamble, A.: Cross site scripting attack detection & prevention system. Int. J. Adv. Res. Comput. Eng. Technol. (IJARCET) 3 (2014)
Google Scholar
Ayeni, B.K., Sahalu, J.B., Adeyanju, K.R.: Detecting cross-site scripting in web application using fuzzy ınference system. J. Comput. Netw. Commun. 2018 (2018). Article ID 815948. https://doi.org/10.1155/2018/8159548
Article Google Scholar
Kaur, D., Kaur, P.: Cross-site scripting attack and their prevention during development. Int. J. Eng. Dev. Res. 5(3) (2017). ISSN 2321-9939
Google Scholar
Kaur, G.: Study of cross-site scripting attack and their countermeasure. Int. J. Comput. Appl. Technol. Res. 3(10) (2014). ISSN 2319-8656
Article Google Scholar
Singh, A., Sthappan, S.: A survey on XSS web-attack and defence mechanism. Int. J. Adv. Res. Comput. Sci. Softw. Eng. (IJARCSSE) 4(3) (2014). ISSN 277-128X
Google Scholar
Shalini, S., Usha, S.: Prevention of cross-site scripting attacks(XSS) on web application ın the client side. Int. J. Comput. Sci. Issues 8(4), 650 (2011)
Google Scholar
Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Cross-site scripting detection based on an enhanced genetic algorithm. Indian J. Sci. Technol. 8(30), 1–7 (2015). https://doi.org/10.17485/ijst/2015/68130/86055
Article Google Scholar
Avancini, A., Ceccato, M.: Towards security testing with taint analysis and genetic algorithm. In: Proceedings of the 2010 ICSE Workshops on Software Engineering for secure Systems, pp. 65–71. ACM, Cape Town (2010)
Google Scholar
Shar, L.K., Tan, H.B.K.: Automated removal of cross site scripting vulnerabilities in web application. Inf. Softw. Technol. 54(5), 467-478 (2012). http://linkinghub.elsevier.com/retrieve/pii/s0950584911002503
Article Google Scholar
Shuai, B., Li, M., Li, H., Zhang, Q., Tang, C.: Software vulnerability detection using genetic algorithm and dynamic taint analysis. In: 3rd International Conference on Consumer Electronics, Communication and Network (CECNet), pp. 589–593. IEEE, November 2013. http://ieeexplore.ieee.org/Ipdocs/epic03/wrapper.htm?arnumber=6703400
Gupta, S., Sharma, L.: Exploitation of cross-site scripting (XSS) vulnerability on real world web application and its defense. Int. J. Comput. Appl. 60(14), 28–93 (2012)
Google Scholar
Acunetix vulnerability Scanner. http://www.acunetix.com/vulnerability_scanner
OpenWeb application Security Project. https://www.owasp.org/index.php/Top_10
Tang, Z., Zhu, H., Cao, Z., Zhao, S.: L-WMxD: lexical based webmail XSS discover. In: IEEE Conference on Computer Communication Workshops (INFOCOM WKSHPS), pp. 976–981 (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Technology, Yashwantrao Chavan College of Engineering, Nagpur, Maharashtra, India
Shubhangi Ninawe & Rakhi Wajgi

Authors

Shubhangi Ninawe
View author publications
You can also search for this author in PubMed Google Scholar
Rakhi Wajgi
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shubhangi Ninawe .

Editor information

Editors and Affiliations

Department of CSE, Francis Xavier Engineering College, Tirunelveli, Tamil Nadu, India
S. Balaji
Departamento de Engenharia Informática, Faculdade de Ciências e Tecnologia, University of Coimbra, Coimbra, Portugal
Álvaro Rocha
Department of Electrical Engineering, National Changhua University of Education, Changhua County, Taiwan
Yi-Nan Chung

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ninawe, S., Wajgi, R. (2020). Detection of DOM-Based XSS Attack on Web Application. In: Balaji, S., Rocha, Á., Chung, YN. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. ICICV 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 33. Springer, Cham. https://doi.org/10.1007/978-3-030-28364-3_65

Download citation

DOI: https://doi.org/10.1007/978-3-030-28364-3_65
Published: 13 August 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28363-6
Online ISBN: 978-3-030-28364-3
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics