Cross-site Scripting Attack Avoidance through Dynamic Coding Structure

Farheen Banu. J¹ , K. Vijayalakshmi²

¹ Dept. of MCA, Ethiraj College for Women (Madras University), Chennai, India .
² Dept. of MCA, Ethiraj College for Women (Madras University), Chennai, India .

Correspondence should be addressed to: ikramfarheen@gmail.com.

Section:Research Paper, Product Type: Journal
Vol.5 , Issue.4 , pp.15-19, Aug-2017

Online published on Aug 30, 2017

Copyright © Farheen Banu. J, K. Vijayalakshmi . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

1206 Views    423 Downloads    269 Downloads

Abstract :
Due to the high prevalence of Cross-Site Scripting (XSS) attacks, most leading browsers now comprise or support filters to defend against XSS attacks. This paper presents an enhanced XSS fortifier for the vulnerable web sites. Unlike other proposed methodology this paper contains a script extractor which on execution retains the malicious scripts injected in the various Web pages of a vulnerable web site. It also provides the threat level which indicates the seriousness of the web site affected. The results of the script extractor indicate the loopholes of the web page which after every session of attack is being manually overcome by the web developer to make the website vulnerable free.

Key-Words / Index Term :
Cross-Site Scripting, Enhanced XSS Fortifier, Script Extractor, Threat Level, Vulnerable Free

References :
[1]. M. K. Gupta, M.C. Govil, G. Singh, “Predicting Cross-Site Scripting (XSS) Security Vulnerabilities in Web Applications�, international joint conference on computer science and software engineering, IEEE conference publication, pp.162-167, 2015.
[2]. D. Guaman, F. Guaman, D. Jaramillo, Manuel Sucunuta. “Implementation of techniques and OWASP security recommendations to avoid SQL and XSS attacks using J2EE and WS-Security�, 12th Iberian conference on information system and technologies, IEEE conference publication, pp.1-7, 2017.
[3]. A. Shrivastava, V.K Varma, V.G. Shankar “X-trap Trapping client and server side XSS vulnerability�, International conference on parallel, distributed and grid computing, IEEE conference publication, India, pp.394-398, 2016.
[4]. T.K. Nguyen, S.O. Hwang, “Large-Scale Detection of DOM-based XSS based on Publisher and Subscriber Model� International Conference on Computational Science and Computational Intelligence, IEEE conference publication, Korea, pp.975-980, 2016.
[5]. A. Shrivastava, S. Choudhary, A. Kumar “XSS Vulnerability Assessment and Prevention in Web Application�, 2nd International Conference on Next Generation Computing Technologies, IEEE conference publication, India, pp.850-853, 2016.
[6]. P.A. Sonewar, S.D. Thosar, “Detection of SQL Injection and XSS Attacks in Three Tier Web Applications�, International Conference on computing communication control, IEEE conference publication, Pune, pp.1-4, 2016.
[7]. M. Mohammadi, B. Chu, H.R. Lipford, “Automatic Web Security Unit Testing: XSS Vulnerability Detection�, 11th IEEE/ACM International Workshop in Automation of Software Test, IEEE conference publication, USA, pp.78-84, 2016.
[8]. P. Choudhary, B.B Gupta, S. Yamaguchi, “XSS detection with automatic view isolation on online social network�, IEEE 5th Global Conference on Consumer Electronics, IEEE conference publication, India, pp.1-5, 2016.
[9]. M. Amjad, “Security Enhancement of IPV6 Using Advance Encryption Standard and Diffie Hellman� International Journal of Science Research in Network Security and Communication, Vol.5, Issue-3, pp.182-187, 2017.
[10]. H. Bhasin, N. Kathuria, “Cryptography Automata Based Key Generation�, International Journal of Scientific Research in Network Security and Communication, Vol.1, Issue.2, pp.15-17, 2013.
[11]. Gelogo, Y. E. Caytiles, R. D. Park, B. “Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security�, International Journal of Control and Automation, Vol. 4, Issue-4. pp179-184, 2011.
[12]. M. Amjad, “Wireless Network Security: Susceptibility, Extortion and Kiosk� International Journal of Computer Sciences and Engineering, Vol-1, Issue-3, pp.10-14, 2013.
[13]. F.T. Zohra, S. Azam, Md.M. Rahman, "Overview of IPv6 Mobility Management Protocols and their Handover Performances", International Journal of Computer Sciences and Engineering, Vol.2, Issue.3, pp.125-133, 2014.
[14]. A. Kiezun, P.J. Juo, “Automatic Creation of SQL Injection and Cross-Site Scripting Attacks�, International conference on Software Engineering, IEEE Computer Society, USA, pp 199-209, 2009.
[15]. J. Bau, E. Bursztein, D. Gupta, J. Mitchell, “State of the Art: Automated Black-Box Web Application Vulnerability Testing�, IEEE Symposium on Security and Privacy IEEE conference publication, USA, pp.332-345, 2010.
[16]. J.M. Chen, Chia-Lun Wu, “An automated vulnerability scanner for injection attack based on injection point�, International Computer Symposium Privacy - IEEE conference publication, Taiwan, pp 113-118, 2010.
[17]. M.E Ruse, S. Basu, “Detecting Cross-Site Scripting Vulnerability Using Concolic Testing�, Information Technology: New Generations, Tenth International Conference IEEE, USA, pp 633-638, 2013.
[18]. S. Sugandh, B. M. Mehtre, “A Reliable Strategy for Proactive Self-Defense in Cyberspace using VAPT Tools and Techniques�, Computational Intelligence and Computing Research IEEE International Conference, India, pp.1-6, 2013.