Web Application Vulnerabilities - The Hacker's Treasure

Nirmal, K.; Janet, B.; Kumar, R.

doi:10.1109/icirca.2018.8597221

Cited by 15 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This form of XSS vulnerability is sometimes referred to as a persistent XSS. This is due to the fact that the malicious script is still present on the server after the attack has been completed [9]. During this type of attack, the attacker injects code that has been maliciously written onto the server in such a way that it cannot be removed.…”

Section: Stored Cross-site Scripting (Xss) Attackmentioning

confidence: 99%

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Weamie¹

2022

IJCNS

View full text Add to dashboard Cite

The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers' defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.

show abstract

Section: Stored Cross-site Scripting (Xss) Attackmentioning

confidence: 99%

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Weamie¹

2022

IJCNS

View full text Add to dashboard Cite

show abstract

“…Evaluating information security systems on websites consists of three main things: hosting providers, website protocols such as HTTP/HTTPS, and website platforms. The evaluation aims to determine the vulnerability of the system [18]. This research focuses on mitigating XSS attacks through the website platform.…”

Section: Introductionmentioning

confidence: 99%

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

Fadlil¹,

Riadi²,

Fachri³

2022

IJSSE

View full text Add to dashboard Cite

The increasing number of user-oriented applications uploading all their information to the web is causing cyber-attacks and data theft. One of the most prevalent vulnerabilities is Cross-Site Scripting (XSS). Intruders take advantage of these attacks to access sensitive user data. This study aims to mitigate XSS attacks by using the penetration testing method as an official effort to improve web server security. The subject of this research uses the login form from the academic information system web server. This study offers a mitigation system prototype against XSS using the penetration test method and the secure code algorithm. This method plays a role in obtaining vulnerability data and security code as a prevention system. The results of this study indicate three categories of web server weaknesses: five at the high level, 164 at the medium level, and 52 vulnerabilities at the low level. Mitigation measures use secure code by denying repeated failed login attempts. These results provide a strategy for web managers to improve security and consider the risk of cyberattacks.

show abstract

“…In this part, the XSS vulnerability relies on a browser, which can be attacked by XSS as long as you use it. Therefore, the attacks, often being the first step of other advanced attacks, directly threaten user privacy and server security, resulting in information disclosure, command execution, and so on [1,2]. There have already been many research teams that have introduced machine learning and deep learning algorithms into XSS attack detection [3].…”

Section: Introductionmentioning

confidence: 99%

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Fang

Huang

et al. 2019

Future Internet

View full text Add to dashboard Cite

With the development of artificial intelligence, machine learning algorithms and deep learning algorithms are widely applied to attack detection models. Adversarial attacks against artificial intelligence models become inevitable problems when there is a lack of research on the cross-site scripting (XSS) attack detection model for defense against attacks. It is extremely important to design a method that can effectively improve the detection model against attack. In this paper, we present a method based on reinforcement learning (called RLXSS), which aims to optimize the XSS detection model to defend against adversarial attacks. First, the adversarial samples of the detection model are mined by the adversarial attack model based on reinforcement learning. Secondly, the detection model and the adversarial model are alternately trained. After each round, the newly-excavated adversarial samples are marked as a malicious sample and are used to retrain the detection model. Experimental results show that the proposed RLXSS model can successfully mine adversarial samples that escape black-box and white-box detection and retain aggressive features. What is more, by alternately training the detection model and the confrontation attack model, the escape rate of the detection model is continuously reduced, which indicates that the model can improve the ability of the detection model to defend against attacks.

show abstract

Web Application Vulnerabilities - The Hacker's Treasure

Cited by 15 publications

References 8 publications

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Mitigation Web Server for Cross-Site Scripting Attack Using Penetration Testing Method

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Contact Info

Product

Resources

About