CRITICAL REVIEW: INJECTION FLAWS AND CROSS SITE SCRIPTING

Cross site scripting, also abbreviated as XSS, is considered an attack on client-side code carried out through the execution of malicious or suspicious scripts. It is a web application vulnerability that involves the use of invalid input within the output that is generated. The main aim of the attacker is to harm the credential functioning of the victim's browser and system, but not directly (Sunkari and Rao, 2014). The malicious script generated by the attacker acts like a test protocol that helps in estimating the current conditions of the target website. It is formulated for judging the potential vulnerabilities that can be exploited for personal benefit through the user. JavaScript is the language most affected by XSS because of its omnipresence in almost every browsing platform (Stock, Spiegel and Johns, 2014).

Injection flaws, however, are a class of security vulnerability that allows users to break out of the web application context. The presence of injection flaws in a web application often invites individuals or attackers to breach the security settings and make changes according to their wishes. They may delete, add or update the data currently available in the application and so make it more vulnerable to security threats. Injection flaws can be the main cause of cross site scripting and the victimisation of users (Gupta et al., 2015). Developers need to prevent injection flaws with the help of proper string functions. Cross site scripting deteriorates the accessibility features of the website. The original policy of operations and the client-side script code remain the same, but the authentic access controls are bypassed by attackers. Hence, it has been evaluated that a high level of security risk is involved in injection flaws and cross site scripting.
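The point above about input reused within generated output, and about preventing it with proper string functions, is illustrated by the following added example (it is not part of the original essay). The function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example: output encoding for untrusted input reflected into a page.
// All function names are hypothetical, chosen for illustration.

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encode for a value placed inside an inline <script> block.
// JSON.stringify yields a valid JS string literal; the extra escapes keep
// the value from closing the script element or starting markup.
function escapeForScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Vulnerable: input is concatenated into the output unchanged.
function renderGreetingUnsafe(name) {
  return `<p title="${name}">Hello, ${name}</p>` +
    `<script>var user = "${name}";</script>`;
}

// Hardened: each insertion point uses the encoder for its own context.
function renderGreetingSafe(name) {
  return `<p title="${escapeHtml(name)}">Hello, ${escapeHtml(name)}</p>` +
    `<script>var user = ${escapeForScript(name)};</script>`;
}

// Constructed sample input, not taken from any real incident.
const sample = `"><script>alert(1)</script>`;
console.log(renderGreetingUnsafe(sample));
console.log(renderGreetingSafe(sample));
```

The same input needs a different encoder in each output context, which is why a single generic string replacement is not sufficient.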
REFERENCES

Books and Journals

Sunkari, V. and Rao, C. G., 2014. Defensive Approaches on SQL Injection and Cross-Site Scripting Attacks. Global Journal of Computer Science and Technology. 14(2-E). p.77.

Stock, B., Spiegel, P. and Johns, M., 2014, August. Precise Client-side Protection against DOM-based Cross-Site Scripting. In USENIX Security (pp. 655-670).

Gupta, B. B. et al., 2015. Cross-site scripting (XSS) abuse and defense: exploitation on several testing bed environments and its defense. Journal of Information Privacy and Security. 11(2). pp.118-136.