Title :
On Security Issues in Web Applications through Cross Site Scripting (XSS)
Author :
Malviya, Vikas K. ; Saurav, Sumeet ; Gupta, Arpan
Author_Institution :
Comput. Sci. & Eng., PDPM IIITDM, Jabalpur, India
Abstract :
Web applications have become a very popular means of developing software. This is because of many advantages of web applications, like no need of installation on each client machine, centralized data, reduction in business cost, etc. With the increase in this trend, web applications are becoming vulnerable to attacks. Cross site scripting (XSS) is the major threat for web applications, as it is the most basic attack on web applications. It provides the surface for other types of attacks like Cross Site Request Forgery, Session Hijacking, etc. There are three types of XSS attacks, i.e. non-persistent (or reflected) XSS, persistent (or stored) XSS and DOM-based vulnerabilities. There is one more type that is not as common as those three types: induced XSS. In this work we aim to study and consolidate the understanding of XSS and their origin, manifestation, kinds of dangers and mitigation efforts for XSS. Different approaches proposed by researchers are presented here and an analysis of these approaches is performed. Finally, the conclusion is drawn at the end of the work.
Keywords :
Internet; security of data; DOM-based vulnerability; Web applications; XSS attacks; centralized data; client machine; cross site request forgery; cross site scripting; nonpersistent XSS; security issues; session hijacking; Browsers; Databases; HTML; Security; Servers; Testing; Web pages; Code Insertion; Cross Site Scripting; JavaScript; Security; Web Applications; XSS;
Conference_Title :
Software Engineering Conference (APSEC), 2013 20th Asia-Pacific
Conference_Location :
Bangkok
Print_ISBN :
978-1-4799-2143-0
DOI :
10.1109/APSEC.2013.85