Eradicating Cross Site Scripting Attack for a Secure Web Access

نویسنده

  • K. Vijayalakshmi
چکیده

Recent updates of Vulnerability reports of the Open Web Application Security Project confirm that Cross Site Scripting (XSS) is one of the most common and severe web security defects. Cross-Site Scripting occurs when an application takes data from the user and sends it back to a web browser without validation or encoding. It occurs when the web application references the user input in HTML pages when there is no proper validation. An attacker can easily inject the malicious scripts through such inputs in the HTML pages of the application. When a client browses a tapped page, the client’s browser which is unaware of the presence of malicious scripts may execute all scripts sent by the application which results in a successful XSS attack. To overcome this attack, this paper presents an Anti XSS Mechanism for mitigating XSS attacks and its vulnerabilities in Web Applications. Our proposed approach identifies the attack and detects it using a data refiner algorithm and secures them with appropriate encoding technique which prevents input values from causing any improper validation and execution of malicious script. We developed an Anti XSS tool, which contains two main mechanism called XSS Gauge and XSS Eradicator, to implement the proposed approach. Using this tool, we tested our proposed mechanism with the standard test bed applications and our work has shown a significant improvement, i.e., the average accuracy rate is 98.4 % which is far higher comparing to the existing systems in detecting and defending XSS Attacks.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Secure Platform for Web Users Based on Browser Operating System Architecture

This paper will demonstrate that a secure, user friendly platform can be implemented using on Browser Operating System Architecture. This platform protects host machine from various attack like phishing attack, drive by download attack, cross site scripting attack. The BOS architecture treats Web applications as first class objects that users explicitly install and manage, giving them explicit ...

متن کامل

Runtime Monitoring Technique to handle Tautology based SQL Injection Attacks

Over the recent years our dependence on web applications has increased drastically in our everyday routine activities. Therefore, we expect these web applications to be secure and reliable when we are paying bills, shopping online, making transactions etc. These web applications consist of underlying databases containing confidential user’s data like financial information records, medical infor...

متن کامل

The Research Perspective: XSS Attack and Prevention of XSS Vulnerability in Web Application

Cross-Site Scripting is one of the major’s attacks described by OWASP. The Cross Site Scripting attack is possible by inserting or changing the programming logic, changing and syntax of HTML elements by code injection attacks. The Web application is XSS Vulnerable when there is no proper input validation. The many web applications like social networking sites are the victims of this attack. Thi...

متن کامل

A Web Developer's Guide to Cross-Site Scripting

Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerable to this attack method. Scripting attacks differ from other web application vulnerabilities because they attack an application’s users, not a...

متن کامل

From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure?

Browser-based Single Sign-On (SSO) is replacing conventional solutions based on multiple, domain-specific credentials by offering an improved user experience: clients log on to their company system once and are then able to access all services offered by the company’s partners. By focusing on the emerging SAML standard, in this paper we show that the prototypical browser-based SSO use case suff...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2017