Mitigation of Cross-Site Scripting Attacks in Mobile Cloud Environments

  • R. Madhusudhan
  • Shashidhara
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


Cross-Site Scripting (XSS) is one of the most dangerous and top-ranked web attacks, as stated by recent surveys. An XSS vulnerability arises when an application deployed in a cloud accepts information from an untrusted origin without input validation, allowing the execution of dynamic content. XSS vulnerabilities may cause serious security violations in web and mobile cloud-based applications. In general, Cross-Site Scripting bugs are very easy to exploit but hard to discover and mitigate, because the flexibility of encoding schemes such as HTML encoding offers the adversary numerous chances to bypass the filters that should block dangerous content from being inserted into trusted websites. To mitigate XSS vulnerabilities of a web application in the mobile cloud, a novel approach is presented that successfully identifies JavaScript-driven XSS attacks. In addition, we focus on introducing a client-side Cross-Site Scripting attack discovery and mitigation technique, known as the Secure XSS layer, based on the placement of sanitizers in the inserted malicious code.
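
The filter bypass that the abstract attributes to encoding flexibility, shown as an added JavaScript example (not the paper's Secure XSS layer): a filter that inspects only the raw input accepts entity-encoded markup, while checking the canonical form and encoding at the output sink both close the gap. It assumes a later component decodes HTML entities before insertion; all function names and sample strings are constructed for illustration.

```javascript
// Added example (not the paper's code). All function names are hypothetical.
// Only five named references are decoded; a real decoder needs the full HTML table.
const NAMED = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);

// Decode one layer of HTML character references: named, decimal and hex.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (m, body) => {
    if (body[0] !== '#') return NAMED.get(body.toLowerCase()) ?? m;
    const hex = body[1].toLowerCase() === 'x';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Decode until the string stops changing, so double encoding (&amp;lt;) is unwrapped.
// Input that is still changing after maxRounds is rejected rather than guessed at.
function canonicalize(s, maxRounds = 5) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeEntities(cur);
    if (next === cur) return cur;
    cur = next;
  }
  throw new Error('input did not reach a canonical form');
}

const SCRIPT_TAG = /<script\b/i;

// Weak: pattern check on the raw characters only.
function rawFilterAccepts(s) { return !SCRIPT_TAG.test(s); }

// Stronger: same pattern, applied to the canonical form.
function canonicalFilterAccepts(s) { return !SCRIPT_TAG.test(canonicalize(s)); }

// Sink-side control: encode for the HTML text context, whatever the filters decided.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Constructed sample inputs.
const samples = ['<script>alert(1)</script>', '&lt;script&gt;alert(1)', '&#60;script&#x3e;',
  '&amp;lt;script&amp;gt;', 'Tom &amp; Jerry'];
for (const s of samples) {
  console.log(JSON.stringify(s), 'raw:', rawFilterAccepts(s),
    'canonical:', canonicalFilterAccepts(s), 'at sink:', escapeHtml(canonicalize(s)));
}
```

The pattern check is only a detector; `escapeHtml` at the point of insertion is the control that holds even when a filter misses an encoding.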


Cloud security, Cross-site scripting, Mobile cloud computing, Injection vulnerability, Malicious code



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Mathematical and Computational Sciences, National Institute of Technology Karnataka, Surathkal, India
