Cross Site Scripting
A Survey Paper on
Methods for Robust Detection and Prevention of XSS Attacks
Abstract- This survey aims to list out the major XSS vulnerabilities exposed in the web environment and various preventive measures currently in use against them. We will also try to compare them and establish the best out of them and also to set up a base to visualize a better method in the upcoming future.
Index terms -XSS (Cross Site Scripting), Vulnerabilities, Prevention Methods, Existing Technologies, Web Application, Web Application Security
I. Introduction
A web application is an application software that is hosted on web and runs on a web browser. Web application security is a branch of information security that deals specifically with security of websites, web applications and web services.
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker).Currently, most approaches attempt to prevent XSS on the server side by inspecting and modifying the data that is exchanged between the web application and the user. Unfortunately, it is often the case that vulnerable applications are not fixed for a considerable amount of time, leaving the users vulnerable to attacks. The solution presented in this paper stops XSS attacks on the client side by tracking the flow of sensitive information inside the web browser. If sensitive information is about to be transferred to a third party, the user can decide if this should be permitted or not. As a result, the user has an additional protection layer when surfing the web, without solely depending on the security of the web application.
Nowadays, many web sites make extensive use of clientside scripts (mostly written in JavaScript) to enhance user experience. Unfortunately, this trend has also
Methods for Robust Detection and Prevention of XSS Attacks
Abstract- This survey aims to list out the major XSS vulnerabilities exposed in the web environment and various preventive measures currently in use against them. We will also try to compare them and establish the best out of them and also to set up a base to visualize a better method in the upcoming future.
Index terms -XSS (Cross Site Scripting), Vulnerabilities, Prevention Methods, Existing Technologies, Web Application, Web Application Security
I. Introduction
A web application is an application software that is hosted on web and runs on a web browser. Web application security is a branch of information security that deals specifically with security of websites, web applications and web services.
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker).Currently, most approaches attempt to prevent XSS on the server side by inspecting and modifying the data that is exchanged between the web application and the user. Unfortunately, it is often the case that vulnerable applications are not fixed for a considerable amount of time, leaving the users vulnerable to attacks. The solution presented in this paper stops XSS attacks on the client side by tracking the flow of sensitive information inside the web browser. If sensitive information is about to be transferred to a third party, the user can decide if this should be permitted or not. As a result, the user has an additional protection layer when surfing the web, without solely depending on the security of the web application.
Nowadays, many web sites make extensive use of clientside scripts (mostly written in JavaScript) to enhance user experience. Unfortunately, this trend has also