Cross-site Scripting Attack Avoidance through Dynamic Coding Structure

Authors

  • Farheen Banu. J Dept. of MCA, Ethiraj College for Women (Madras University), Chennai, India
  • K. Vijayalakshmi Dept. of MCA, Ethiraj College for Women (Madras University), Chennai, India

Keywords:

Enhanced XSS Fortifier, Script Extractor, Threat Level, Vulnerable Free

Abstract

Due to the high prevalence of Cross-Site Scripting (XSS) attacks, most leading browsers now include or support filters to defend against them. This paper presents an enhanced XSS fortifier for vulnerable web sites. Unlike other proposed methodologies, it includes a script extractor which, on execution, retains the malicious scripts injected into the various web pages of a vulnerable web site. It also provides a threat level which indicates how seriously the web site is affected. The results of the script extractor indicate the loopholes in each web page, which the web developer closes manually after every attack session to make the web site free of vulnerabilities.

 


Published

2017-08-30

How to Cite

[1]
F. Banu. J and K. Vijayalakshmi, “Cross-site Scripting Attack Avoidance through Dynamic Coding Structure”, Int. J. Sci. Res. Net. Sec. Comm., vol. 5, no. 4, pp. 15–19, Aug. 2017.

Section

Research Article
