It's More Than Stealing Cookies - Exploitability of XSS

Nirmal, K.; Janet, B.; Kumar, R.

doi:10.1109/iccons.2018.8663230

Cited by 5 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rodrí guez et al conducted mitigation research on Cross-Site Scripting vulnerabilities with the results of being able to mitigate these attacks showing that the trend is increasing in proposals that analyze web page content (13.20%), as well as those that serve as toolkits for web browsers (16.98%) using artificial intelligence techniques [12]. His research explained that XSS vulnerabilities could be exploited by stealing the victim's cookie and making the cookie login remotely, namely by utilizing the CORS (Cross-Origin Resource Sharing) working principle on di browser web [20]. Gunawan et al conducted research on XSS attacks by sending HTTP GET requests to a web server using Java Script that connected all web browsers to the BeFF tool on Kali Linux.…”

Section: Literature Reviewmentioning

confidence: 99%

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

Fadlil¹,

Riadi²,

Fachri³

2022

IJSSE

View full text Add to dashboard Cite

The increasing number of user-oriented applications uploading all their information to the web is causing cyber-attacks and data theft. One of the most prevalent vulnerabilities is Cross-Site Scripting (XSS). Intruders take advantage of these attacks to access sensitive user data. This study aims to mitigate XSS attacks by using the penetration testing method as an official effort to improve web server security. The subject of this research uses the login form from the academic information system web server. This study offers a mitigation system prototype against XSS using the penetration test method and the secure code algorithm. This method plays a role in obtaining vulnerability data and security code as a prevention system. The results of this study indicate three categories of web server weaknesses: five at the high level, 164 at the medium level, and 52 vulnerabilities at the low level. Mitigation measures use secure code by denying repeated failed login attempts. These results provide a strategy for web managers to improve security and consider the risk of cyberattacks.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

Fadlil¹,

Riadi²,

Fachri³

2022

IJSSE

View full text Add to dashboard Cite

show abstract

“…Due to the lack of security awareness and the around usage of Web Application Firewall (WAF) technology, it is common for developers to ignore the vulnerability on the source code level. Although WAF technology can usually intercept a considerable number of malicious attacks, a secure Web application should not rely solely on WAF technology to secure it [1]. If the source code is not reasonably modified, threats will always exist.…”

Section: Introductionmentioning

confidence: 99%

Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining

Wang

Miao

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

The largest number of cybersecurity attacks is on web applications, in which Cross-Site Scripting (XSS) is the most popular way. The code audit is the main method to avoid the damage of XSS at the source code level. However, there are numerous limits implementing manual audits and rule-based audit tools. In the age of big data, it is a new research field to assist the manual auditing through machine learning. In this paper, we propose a new way to audit the XSS vulnerability in PHP source code snippets based on a PHP code parsing tool and the machine learning algorithm. We analyzed the operation sequence of source code and built a model to acquire the information that is most closely related to the XSS attack in the data stream. The method proposed can significantly improve the recall rate of vulnerability samples. Compared with related audit methods, our method has high reusability and excellent performance. Our classification model achieved an F1 score of 0.92, a recall rate of 0.98 (vulnerable sample), and an area under curve (AUC) of 0.97 on the test dataset.

show abstract

Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing

Rodríguez-Galán,

Torres

2024

Ann. Telecommun.

View full text Add to dashboard Cite

It's More Than Stealing Cookies - Exploitability of XSS

Cited by 5 publications

References 7 publications

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

Cross-Site Scripting Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining

Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing

Contact Info

Product

Resources

About