Advertisement

Detection of DOM-Based XSS Attack on Web Application

  • Shubhangi NinaweEmail author
  • Rakhi Wajgi
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 33)

Abstract

Cross-Site Scripting (XSS) is one of the huge issues of any Web-based or Online applications. In this attack, the attacker uses malicious code to intercept the information through users web application and sends it to the corresponding web server. This is possible because web browsers are capable of executing the instructions stored in Web pages. This enables the attackers to make use of this feature, so as to execute the malicious code in a user’s Web browsing application. This attack if happened, may result in very slow and poor web surfing. It is also capable of stealing the cookies, passwords and other personal information of the user. These kind of attacks are very easy in terms of implementation but the prevention or detection of this attack is a challenging task. In this paper firstly the existing research on the prevention of XSS is presented. Then a framework is proposed to detect the XSS, which can provide a legitimate solution for the mitigation of the attack.

Keywords

Cross-Site Scripting Web application attack Injection attacks Network security Web application protection 

References

  1. 1.
    Thopate, P., Bamm, P., Kamble, A.: Cross site scripting attack detection & prevention system. Int. J. Adv. Res. Comput. Eng. Technol. (IJARCET) 3 (2014)Google Scholar
  2. 2.
    Ayeni, B.K., Sahalu, J.B., Adeyanju, K.R.: Detecting cross-site scripting in web application using fuzzy ınference system. J. Comput. Netw. Commun. 2018 (2018). Article ID 815948.  https://doi.org/10.1155/2018/8159548CrossRefGoogle Scholar
  3. 3.
    Kaur, D., Kaur, P.: Cross-site scripting attack and their prevention during development. Int. J. Eng. Dev. Res. 5(3) (2017). ISSN 2321-9939Google Scholar
  4. 4.
    Kaur, G.: Study of cross-site scripting attack and their countermeasure. Int. J. Comput. Appl. Technol. Res. 3(10) (2014). ISSN 2319-8656CrossRefGoogle Scholar
  5. 5.
    Singh, A., Sthappan, S.: A survey on XSS web-attack and defence mechanism. Int. J. Adv. Res. Comput. Sci. Softw. Eng. (IJARCSSE) 4(3) (2014). ISSN 277-128XGoogle Scholar
  6. 6.
    Shalini, S., Usha, S.: Prevention of cross-site scripting attacks(XSS) on web application ın the client side. Int. J. Comput. Sci. Issues 8(4), 650 (2011)Google Scholar
  7. 7.
    Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Cross-site scripting detection based on an enhanced genetic algorithm. Indian J. Sci. Technol. 8(30), 1–7 (2015).  https://doi.org/10.17485/ijst/2015/68130/86055CrossRefGoogle Scholar
  8. 8.
    Avancini, A., Ceccato, M.: Towards security testing with taint analysis and genetic algorithm. In: Proceedings of the 2010 ICSE Workshops on Software Engineering for secure Systems, pp. 65–71. ACM, Cape Town (2010)Google Scholar
  9. 9.
    Shar, L.K., Tan, H.B.K.: Automated removal of cross site scripting vulnerabilities in web application. Inf. Softw. Technol. 54(5), 467-478 (2012). http://linkinghub.elsevier.com/retrieve/pii/s0950584911002503CrossRefGoogle Scholar
  10. 10.
    Shuai, B., Li, M., Li, H., Zhang, Q., Tang, C.: Software vulnerability detection using genetic algorithm and dynamic taint analysis. In: 3rd International Conference on Consumer Electronics, Communication and Network (CECNet), pp. 589–593. IEEE, November 2013. http://ieeexplore.ieee.org/Ipdocs/epic03/wrapper.htm?arnumber=6703400
  11. 11.
    Gupta, S., Sharma, L.: Exploitation of cross-site scripting (XSS) vulnerability on real world web application and its defense. Int. J. Comput. Appl. 60(14), 28–93 (2012)Google Scholar
  12. 12.
    Acunetix vulnerability Scanner. http://www.acunetix.com/vulnerability_scanner
  13. 13.
    OpenWeb application Security Project. https://www.owasp.org/index.php/Top_10
  14. 14.
    Tang, Z., Zhu, H., Cao, Z., Zhao, S.: L-WMxD: lexical based webmail XSS discover. In: IEEE Conference on Computer Communication Workshops (INFOCOM WKSHPS), pp. 976–981 (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computer TechnologyYashwantrao Chavan College of EngineeringNagpurIndia

Personalised recommendations