A Proposal: For Emerging Gaps in Finding Firm Solutions for Cross Site Scripting Attacks on Web Applications

Author

Hima Bindu Sadashiva Reddy


Abstract

There are many web vulnerabilities, and Cross Site Scripting (XSS) is among the most common. An XSS vulnerability can go as far as exposing an organization's data through its web application. During an XSS attack, the hijacker accesses user sessions and deletes, adds, and modifies the website's data. Additionally, because attackers control the web pages, they add malicious code to distort the user interface and stop further business activity. If an organization's website provides service across the globe, this would halt all user transactions for many hours until the issue is resolved. If the situation is not handled and the XSS attacks are not stopped, the attackers would proceed to access the organization's servers. These real-time scenarios illustrate the severity of XSS attacks. Work on implementing solutions that prevent further attacks is still continuing. The quest for better solutions is driven by the need to avoid these XSS attacks, because hackers are always finding new routes into these web applications. However, even after many solutions have been found, these attacks still happen regularly. Hence it is necessary to discover the gap and find an appropriate solution before any new XSS attack happens. This paper proposes a methodology to explore these gaps and solutions to ongoing cross site scripting attacks.


Keywords

XSS, Web applications, web vulnerability, web attack, vulnerability detection, vulnerability exploitation


DOI : https://doi.org/10.55248/gengpi.2022.3.7.43




