Cross Site Scripting (XSS)

Cross Site Scripting (XSS) Attack Prevention with Dynamic Data Tainting

XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks

This paper focuses on defense mechanisms for cross-site scripting attacks, the top threat on web applications today. It is believed that input validation (or filtering) can effectively prevent XSS attacks on the server side. In this paper, we discuss several recent real-world XSS attacks and analyze the reasons for the failure of filtering mechanisms in defending these attacks. We conclude that...

Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense

Attacks on web applications are growing rapidly with the opening of new technologies, HTML tags and JavaScript functions. Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser's resources (cookies, credentials etc. ) by injecting the malicious JavaScript code on the victim's web applications. The existing techniques like filtering of tags...

XSS Peeker: A Systematic Analysis of Cross-site Scripting Vulnerability Scanners

Since the first publication of the “OWASP Top 10” (2004), cross-site scripting (XSS) vulnerabilities have always been among the top 5 web application security bugs. Black-box vulnerability scanners are widely used in the industry to reproduce (XSS) attacks automatically. In spite of the technical sophistication and advancement, previous work showed that black-box scanners miss a non-negligible ...

Current state of research on cross-site scripting (XSS) - A systematic literature review

Keywords: Systematic literature review Cross-site scripting Security Web applications a b s t r a c t Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature revie...