
2020 | OriginalPaper | Book chapter

Detection of DOM-Based XSS Attack on Web Application

Written by: Shubhangi Ninawe, Rakhi Wajgi

Published in: Intelligent Communication Technologies and Virtual Mobile Networks

Publisher: Springer International Publishing


Abstract

Cross-Site Scripting (XSS) is one of the major issues for any web-based or online application. In this attack, the attacker uses malicious code to intercept information through the user's web application and sends it to the corresponding web server. This is possible because web browsers are capable of executing the instructions stored in web pages. Attackers make use of this feature to execute malicious code in a user's web browsing application. If it occurs, this attack may result in very slow and poor web surfing. It is also capable of stealing the cookies, passwords and other personal information of the user. These kinds of attacks are very easy to implement, but preventing or detecting them is a challenging task. In this paper, the existing research on the prevention of XSS is presented first. Then a framework is proposed to detect XSS, which can provide a legitimate solution for the mitigation of the attack.


Metadata
Title
Detection of DOM-Based XSS Attack on Web Application
Written by
Shubhangi Ninawe
Rakhi Wajgi
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-28364-3_65