JOURNAL OF FACULTY OF ENGINEERING & TECHNOLOGY, Vol 21, No 2 (2014)

Security Techniques and Solutions for Preventing the Cross-Site Scripting Web Vulnerabilities: A General Approach

M. Junaid Arshad, Natasha Nigar, Hasnain Ahmad, Amjad Farooq, Muhammad Usman Ghani Khan, Muhammad Idrees

Abstract


The growth of social networking sites across the World Wide Web is directly proportional to complex user-created HTML content, and this habit is rapidly becoming the norm rather than the exception. Complex user-created web messages pose a threat of cross-site scripting (XSS) attacks that hit various websites and confidential user data. In this situation, processes that protect web applications from XSS attacks have been of recent interest to researchers. Most web applications and confidential user data have security problems with XSS attacks. Using this method, an attacker embeds a malicious script into the application’s output. This contaminated server response is sent to a user’s web browser, where it is executed and the user’s sensitive data is transmitted to a third party. Recently, XSS attacks have been prevented on the server side by thoroughly examining, filtering and removing malicious content inserted by the hacker. For social networking sites the criticality of XSS attacks is even higher, because hackers can attempt more socially engineered attacks in which the target user is fooled into thinking that an attack link comes from a ‘friend’. The presented solution focuses on prevention techniques for cross-site scripting (XSS) attacks on both the server side and the client side by keeping track of all user requests and information. We also discuss various recent real-world XSS attacks and analyze why filtering mechanisms are so ineffective and fail to defend against these attacks.


Faculty of Engineering and Technology

University of the Punjab

Lahore-54590-Pakistan