Eradicating Cross Site Scripting Attack for a Secure Web Access

Recent updates of Vulnerability reports of the Open Web Application Security Project confirm that Cross Site Scripting (XSS) is one of the most common and severe web security defects. Cross-Site Scripting occurs when an application takes data from the user and sends it back to a web browser without validation or encoding. It occurs when the web application references the user input in HTML pages when there is no proper validation. An attacker can easily inject the malicious scripts through such inputs in the HTML pages of the application. When a client browses a tapped page, the client’s browser which is unaware of the presence of malicious scripts may execute all scripts sent by the application which results in a successful XSS attack. To overcome this attack, this paper presents an Anti XSS Mechanism for mitigating XSS attacks and its vulnerabilities in Web Applications. Our proposed approach identifies the attack and detects it using a data refiner algorithm and secures them with appropriate encoding technique which prevents input values from causing any improper validation and execution of malicious script. We developed an Anti XSS tool, which contains two main mechanism called XSS Gauge and XSS Eradicator, to implement the proposed approach. Using this tool, we tested our proposed mechanism with the standard test bed applications and our work has shown a significant improvement, i.e., the average accuracy rate is 98.4 % which is far higher comparing to the existing systems in detecting and defending XSS Attacks.