Cross Site Scripting attacks take place when a specific untrusted

Verified

Added on 2023/05/27

AI Summary

Cross site scripting (XSS) is a security attack where an attacker injects malicious script into a trusted website. XSS vulnerabilities can be prevented using validation, encoding, and testing. XSS can be exploited for session hijacking and phishing attacks. Prevent attackers from exploiting this vulnerability by using automatic source code scanning, checking third party packages, and conducting a penetration test.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CROSS SITE SCRIPTING
CROSS SITE SCRIPTING
Name of Student
Name of University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1CROSS SITE SCRIPTING
Cross site scripting (XSS)
Cross site scripting can be defined as a sort of injection security attack where a
particular attacker injects information like some malicious script into the content that belongs
to a trusted website. Cross site scripting attacks take place when a specific untrusted source is
provided the opportunity to inject their own code into a particular web application, this
malicious code includes some dynamic content which is delivered to the browser of a victim
(Hydara, Sultan and Zulzalil 2015). Some websites that have been a victim of XSS
vulnerability are Facebook, Twitter, eBay, MySpace, Yahoo and some more.
Preventing XSS issues in website
XSS vulnerabilities can be prevented using numerous ways, these ways are as follows
 Validation: the web application developers must analyze the code for a smart
interpretation. The user inputs must be filtered from a malicious chain of numerous
commands. Both the persistent and reflective cross-site scripting vulnerabilities are
handled with the help of validation.
 Encoding: besides validation, escaping and filtration are some of the best practices
for avoiding XSS vulnerability. The inputs along with various special characters must
be ciphered in the respective URL or HTML codes (Yusof and Pathan 2016). The
users can also look in outbound or inbound handling as well. Encoding brings about
all its share of the limitations.
 Testing: a XSS prevention model cannot be completed without testing of its input
fields at its regular intervals. Nowadays it is necessary for manual expert intervention
for testing various web applications for their logics that is not possible for a machine.
Exploitation of XSS
XSS can be exploited for various reasons, these reasons include

2CROSS SITE SCRIPTING
 Session hijacking attack: this attack would utilize JavaScript to steal the cookies of
current users along with their session cookie. It utilizes a script tag in order to append
an image to a specific current page. When the image is loaded the victim would send
his cookies to the evil domain.
 Phishing attack: this attack uses SS, JavaScript or HTML to make the victim fall into
trap and log in. it usually overwrites the HTML of the present page in order to look
similar to the login page (Sonewar and Mhetre 2015). The credentials of the victims
are already sent to the hacker and not the website when he tried to log in.
How to prevent attackers from using this vulnerability
Attackers can be prevented from exploiting the vulnerability by using various steps, these
include
 Tools that can used for automatic source code scanning must be used while
developing applications. An efficient Web vulnerability Scanner would spot some
common technical issues.
 If third party packages such as search engines are used on the site, they should be
checked for configuration or vulnerabilities issues with various vendors (Fang, Li and
Liu 2018). This must be done by running a test on how they deal with unwanted input.
 Before putting a Web application live, a penetration test must be conducted.
Simulation of an attack, the user can evaluate if the site still consists of any XSS
vulnerability.

3CROSS SITE SCRIPTING
References
Fang, Y., Li, Y., Liu, L. and Huang, C., 2018, March. DeepXSS: Cross Site Scripting
Detection Based on Deep Learning. In Proceedings of the 2018 International Conference on
Computing and Artificial Intelligence (pp. 47-51). ACM.
Hydara, I., Sultan, A.B.M., Zulzalil, H. and Admodisastro, N., 2015. Current state of research
on cross-site scripting (XSS)–A systematic literature review. Information and Software
Technology, 58, pp.170-186.
Sonewar, P.A. and Mhetre, N.A., 2015, January. A novel approach for detection of SQL
injection and cross site scripting attacks. In Pervasive Computing (ICPC), 2015 International
Conference on (pp. 1-4). IEEE.
Yusof, I. and Pathan, A.S.K., 2016. Mitigating cross-site scripting attacks with a content
security policy. Computer, 49(3), pp.56-63.

1 out of 4

+13062052269

info@desklib.com

Cross Site Scripting attacks take place when a specific untrusted

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Cross Site Scripting (XSS) and Software Security

Cross Site Scripting

190 - web developmet

Ways of Attacking a Web Application in PHP: SQL Injection, XSS, Session Hijacking, Directory Traversal, and Remote File Inclusion

Contemporary World Application 2022

Penetration Testing Penetration Testing