Current state of research on cross-site scripting (XSS) – A systematic literature review

Hydara, Isatou; Sultan, Abu Bakar; Zulzalil, Hazura; Admodisastro, Novia

doi:10.1016/j.infsof.2014.07.010

Cited by 115 publications

(65 citation statements)

References 96 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These types of attacks may cause severe breaches in security such as Account Hijacking and Cookie/Session theft. [12] State that Cross-site scripting (XSS) is a "security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs.…”

Section: Cross-site Scriptingmentioning

confidence: 99%

An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

Kunda

Chishimba

Mulenga

et al. 2017

Int. J. Recent Contrib. Eng. Sci. IT

View full text Add to dashboard Cite

Abstract-The paper focuses on security and performance concerns in mobile web development. The approach used in the study involved surveying journal publications to identify security and performance concerns. The paper highlights some of the contemporary issues currently being faced by application developers as they create, update and maintain mobile web applications including Cross-Site Scripting, Cookie hijacking/theft, location hijacking, history theft, behavior analysis, session hijacking, API design, security and the type of web server used considered.

show abstract

Section: Cross-site Scriptingmentioning

confidence: 99%

An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

Kunda

Chishimba

Mulenga

et al. 2017

Int. J. Recent Contrib. Eng. Sci. IT

View full text Add to dashboard Cite

show abstract

“…Otro trabajo [11], realizó enfoque sistemático para establecer una base de datos sustancial y completa de la literatura de última generación centrada en la detección de ataques. Finalmente, en la artículo [12] se lleva a cabo una revisión sistemática de la literatura sobre vulnerabilidades y ataques XSS hechas en trabajos afines.…”

Section: Introductionunclassified

Técnicas de programación segura para mitigar vulnerabilidades en aplicaciones web

Monar

Ramírez

Medina

et al. 2018

CCTESPE

View full text Add to dashboard Cite

Palabras Claves-Vulnerabilidades, OWASP, ataques web, PHP, programación segura, seguridad web.Abstract-Currently, most web applications contain security vulnerabilities. Probably, it is due to lack of culture of the developers or the absence of specific coding techniques. We analyzed certain works related, but we consider that they do not define detailed programming techniques, nor do they focus on a specific programming language. This work proposes a set of secure programming techniques to reduce vulnerabilities in web applications using the PHP. For this, ten vulnerabilities were determined using the OWASP TOP-10 recommendations. Then, the seven techniques are presented and their respective way of implementing them. The techniques are validated; the vulnerabilities of a web application are measured in two scenarios; with and without the implementation of the proposed techniques. The results show that the use of the proposed techniques is significantly related to the number of vulnerabilities found and therefore improves the level of security of web applications.

show abstract

“…When visiting the webpage containing the injected script, a user runs the script on his/her browser and becomes a victim of XSS attack. For instance, if a user profile on SNSs is infected by XSS, the profiles of the user's friends and other connected user profiles can be easily infected by this attack [4]. A typical XSS attack method is shown in Fig.…”

Section: Introductionmentioning

confidence: 99%

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Rathore¹,

Sharma²,

Park³

2017

J Inf Process Syst

View full text Add to dashboard Cite

Social networking services (SNSs) such as Twitter, MySpace, and Facebook have become progressively significant with its billions of users. Still, alongside this increase is an increase in security threats such as crosssite scripting (XSS) threat. Recently, a few approaches have been proposed to detect an XSS attack on SNSs. Due to the certain recent features of SNSs webpages such as JavaScript and AJAX, however, the existing approaches are not efficient in combating XSS attack on SNSs. In this paper, we propose a machine learningbased approach to detecting XSS attack on SNSs. In our approach, the detection of XSS attack is performed based on three features: URLs, webpage, and SNSs. A dataset is prepared by collecting 1,000 SNSs webpages and extracting the features from these webpages. Ten different machine learning classifiers are used on a prepared dataset to classify webpages into two categories: XSS or non-XSS. To validate the efficiency of the proposed approach, we evaluated and compared it with other existing approaches. The evaluation results show that our approach attains better performance in the SNS environment, recording the highest accuracy of 0.972 and lowest false positive rate of 0.87.

show abstract

Current state of research on cross-site scripting (XSS) – A systematic literature review

Cited by 115 publications

References 96 publications

An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

An Analysis of Security and Performance Concerns in Mobile Web Application Development: Challenges and Open Issues

Técnicas de programación segura para mitigar vulnerabilidades en aplicaciones web

XSSClassifier: An Efficient XSS Attack Detection Approach Based on Machine Learning Classifier on SNSs

Contact Info

Product

Resources

About