A Review on Detection of Cross-Site Scripting Attacks (XSS) in Web Security

Gan, Jun-Ming; Ling, Hang-Yek; Leau, Yu‐Beng

doi:10.1007/978-981-33-6835-4_45

Cited by 5 publications

(2 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This type of XSS attack focuses on manipulating the environment and JavaScript program code (Gan et al, 2020), the HTTP response from the original website to the victim does not change, but the client-side script runs unlike it should because the DOM environment of the page has been manipulated by the attacker (Shar & Tan, 2011). This type does not exploit web application server vulnerabilities.…”

Section: Dom-based Cross-site Scriptingmentioning

confidence: 99%

Server-side Cross-site Scripting Detection Powered by HTML Semantic Parsing Inspired by XSS Auditor

Pardomuan¹,

Kurniawan²,

Darus³

et al. 2023

JST

View full text Add to dashboard Cite

Cross-site Scripting attacks have been a perennial threat to web applications for many years. Conventional practices to prevent cross-site scripting attacks revolve around secure programming and client-side prevention techniques. However, client-side preventions are still prone to bypasses as the inspection is done on the user’s browser, so an adversary can alter the inspection algorithm to come up with the bypasses or even manipulate the victim to turn off the security measures. This decreases the effectiveness of the protection and leads to many web applications are still vulnerable to cross-site scripting attacks. We believe that XSS Auditor, which was pre-installed in Google Chrome browser for more than 9 years, is a great approach in combating and preventing XSS attacks. Hence, in this paper, we proposed a novel approach to thoroughly identify two types of cross-site scripting attacks through server-side filter implementation. Our proposed approach follows the original XSS Auditor mechanism implemented in Google Chrome. However, instead of placing the detection system on the client side, we design a detection mechanism that checks HTTP requests and responses as well as database responses for possible XSS attacks from the server side. From 500 payloads used to evaluate the proposed method, 442 payloads were classified correctly, thus showing that the proposed method was able to reach 88.4% accuracy. This work showed that the proposed approach is very promising in protecting users from devastating Cross-site Scripting attacks.

show abstract

Section: Dom-based Cross-site Scriptingmentioning

confidence: 99%

Server-side Cross-site Scripting Detection Powered by HTML Semantic Parsing Inspired by XSS Auditor

Pardomuan¹,

Kurniawan²,

Darus³

et al. 2023

JST

View full text Add to dashboard Cite

show abstract

“…The existing software for detecting XSS vulnerabilities, such as the Online Web Security Scanner, search for these vulnerabilities only in the open parts of websites that do not require access authorisation [17][18][19][20][21]. Such a drawback is significant considering that XSS vulnerabilities may be located in an unsearchable part of a web resource.…”

Section: Xss Vulnerabilities Detection Softwarementioning

confidence: 99%

Detection of Web Cross-Site Scripting (XSS) Attacks

et al. 2022

View full text Add to dashboard Cite

Most applications looking for XSS vulnerabilities have a variety of weaknesses related to the nature of constructing internet applications. Existing XSS vulnerability packages solely scan public net resources, which negatively influences the safety of internet resources. Threats may be in non-public sections of internet resources that can only be accessed by approved users. The aim of this work is to improve available internet functions for preventing XSS assaults by creating a programme that detects XSS vulnerabilities by completely mapping internet applications. The innovation of this work lies in its use of environment-friendly algorithms for locating extraordinary XSS vulnerabilities in addition to encompassing pre-approved XSS vulnerability scanning in examined internet functions to generate a complete internet resource map. Using the developed programme to discover XSS vulnerabilities increases the effectiveness of internet utility protection. This programme also simplifies the use of internet applications. Even customers unfamiliar with the fundamentals of internet security can use this programme due to its capability to generate a document with suggestions for rectifying detected XSS vulnerabilities.

show abstract

A systematic literature review on software security testing using metaheuristics

Ahsan,

Anwer

2024

Autom Softw Eng

View full text Add to dashboard Cite

A Review on Detection of Cross-Site Scripting Attacks (XSS) in Web Security

Cited by 5 publications

References 31 publications

Server-side Cross-site Scripting Detection Powered by HTML Semantic Parsing Inspired by XSS Auditor

Server-side Cross-site Scripting Detection Powered by HTML Semantic Parsing Inspired by XSS Auditor

Detection of Web Cross-Site Scripting (XSS) Attacks

A systematic literature review on software security testing using metaheuristics

Contact Info

Product

Resources

About