Abstract
Cross-Site Scripting (XSS) is one of the huge issues of any Web-based or Online applications. In this attack, the attacker uses malicious code to intercept the information through users web application and sends it to the corresponding web server. This is possible because web browsers are capable of executing the instructions stored in Web pages. This enables the attackers to make use of this feature, so as to execute the malicious code in a user’s Web browsing application. This attack if happened, may result in very slow and poor web surfing. It is also capable of stealing the cookies, passwords and other personal information of the user. These kind of attacks are very easy in terms of implementation but the prevention or detection of this attack is a challenging task. In this paper firstly the existing research on the prevention of XSS is presented. Then a framework is proposed to detect the XSS, which can provide a legitimate solution for the mitigation of the attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Thopate, P., Bamm, P., Kamble, A.: Cross site scripting attack detection & prevention system. Int. J. Adv. Res. Comput. Eng. Technol. (IJARCET) 3 (2014)
Ayeni, B.K., Sahalu, J.B., Adeyanju, K.R.: Detecting cross-site scripting in web application using fuzzy ınference system. J. Comput. Netw. Commun. 2018 (2018). Article ID 815948. https://doi.org/10.1155/2018/8159548
Kaur, D., Kaur, P.: Cross-site scripting attack and their prevention during development. Int. J. Eng. Dev. Res. 5(3) (2017). ISSN 2321-9939
Kaur, G.: Study of cross-site scripting attack and their countermeasure. Int. J. Comput. Appl. Technol. Res. 3(10) (2014). ISSN 2319-8656
Singh, A., Sthappan, S.: A survey on XSS web-attack and defence mechanism. Int. J. Adv. Res. Comput. Sci. Softw. Eng. (IJARCSSE) 4(3) (2014). ISSN 277-128X
Shalini, S., Usha, S.: Prevention of cross-site scripting attacks(XSS) on web application ın the client side. Int. J. Comput. Sci. Issues 8(4), 650 (2011)
Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Cross-site scripting detection based on an enhanced genetic algorithm. Indian J. Sci. Technol. 8(30), 1–7 (2015). https://doi.org/10.17485/ijst/2015/68130/86055
Avancini, A., Ceccato, M.: Towards security testing with taint analysis and genetic algorithm. In: Proceedings of the 2010 ICSE Workshops on Software Engineering for secure Systems, pp. 65–71. ACM, Cape Town (2010)
Shar, L.K., Tan, H.B.K.: Automated removal of cross site scripting vulnerabilities in web application. Inf. Softw. Technol. 54(5), 467-478 (2012). http://linkinghub.elsevier.com/retrieve/pii/s0950584911002503
Shuai, B., Li, M., Li, H., Zhang, Q., Tang, C.: Software vulnerability detection using genetic algorithm and dynamic taint analysis. In: 3rd International Conference on Consumer Electronics, Communication and Network (CECNet), pp. 589–593. IEEE, November 2013. http://ieeexplore.ieee.org/Ipdocs/epic03/wrapper.htm?arnumber=6703400
Gupta, S., Sharma, L.: Exploitation of cross-site scripting (XSS) vulnerability on real world web application and its defense. Int. J. Comput. Appl. 60(14), 28–93 (2012)
Acunetix vulnerability Scanner. http://www.acunetix.com/vulnerability_scanner
OpenWeb application Security Project. https://www.owasp.org/index.php/Top_10
Tang, Z., Zhu, H., Cao, Z., Zhao, S.: L-WMxD: lexical based webmail XSS discover. In: IEEE Conference on Computer Communication Workshops (INFOCOM WKSHPS), pp. 976–981 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ninawe, S., Wajgi, R. (2020). Detection of DOM-Based XSS Attack on Web Application. In: Balaji, S., Rocha, Á., Chung, YN. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. ICICV 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 33. Springer, Cham. https://doi.org/10.1007/978-3-030-28364-3_65
Download citation
DOI: https://doi.org/10.1007/978-3-030-28364-3_65
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28363-6
Online ISBN: 978-3-030-28364-3
eBook Packages: EngineeringEngineering (R0)