
Analysis of Cross-Site Scripting Vulnerabilities in Various Day-To-Day Web Applications

  • Conference paper
Computational Methods and Data Engineering

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 139))


Abstract

Networking threats aim to disrupt the normal flow of data and communication. They attack the basic security properties: confidentiality, integrity and availability. Cross-site scripting (XSS) aims to compromise either confidentiality or integrity, depending on the focus of the attack. Since the dawn of the Internet, the number of cyber-attacks, and with it the need for cybersecurity, has grown exponentially. Today, there are numerous predefined ways in which network resources can be attacked. An attack can come via malware or via networking threats like XSS. This paper is an attempt to discover the most commonly exploited flaw in today’s web pages, the XSS vulnerability, using various testing tools like Burp Suite and Nessus.



Author information

Corresponding author

Correspondence to N. Jeyanthi.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Kendurkar, A., Mandlekar, J., Jeyanthi, N., Thandeeswaran, R. (2023). Analysis of Cross-Site Scripting Vulnerabilities in Various Day-To-Day Web Applications. In: Asari, V.K., Singh, V., Rajasekaran, R., Patel, R.B. (eds) Computational Methods and Data Engineering. Lecture Notes on Data Engineering and Communications Technologies, vol 139. Springer, Singapore. https://doi.org/10.1007/978-981-19-3015-7_13
