Abstract
Networking threats aim to disrupt the normal flow of data and communication. They attack the basic security properties: confidentiality, integrity and availability. Cross-site scripting (XSS) aims at rattling either confidentiality or integrity, depending on the focus of the attack. Since the dawn of the Internet, the number of cyber-attacks and the need for cybersecurity have grown exponentially. Today, there are numerous predefined ways in which network resources can be attacked, whether via malware or via networking threats like XSS. This paper is an attempt to discover the most commonly exploited flaw in today's web pages, the XSS vulnerability, using various testing tools like Burp Suite and Nessus.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kendurkar, A., Mandlekar, J., Jeyanthi, N., Thandeeswaran, R. (2023). Analysis of Cross-Site Scripting Vulnerabilities in Various Day-To-Day Web Applications. In: Asari, V.K., Singh, V., Rajasekaran, R., Patel, R.B. (eds) Computational Methods and Data Engineering. Lecture Notes on Data Engineering and Communications Technologies, vol 139. Springer, Singapore. https://doi.org/10.1007/978-981-19-3015-7_13
DOI: https://doi.org/10.1007/978-981-19-3015-7_13
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-3014-0
Online ISBN: 978-981-19-3015-7
eBook Packages: Intelligent Technologies and Robotics (R0)