Preventing Cross-Site Scripting (XSS) Assaults in Web Applications

Added on  2023/06/10
AI Summary
This report delves into the critical issue of cross-site scripting (XSS) assaults and prevention within web applications. It explores the nature of XSS attacks, including persistent and non-persistent types, and their impact on web security. The report investigates various prevention strategies, such as filtering and analyzing exchanged information, and runtime enforcement through web browsers. It also examines the characteristics of web applications and their vulnerabilities, offering recommendations based on the assessment of web application security. The study emphasizes the importance of secure coding practices and the limitations of conventional security measures, advocating for improved techniques to detect and prevent XSS intrusions. The paper also explores the use of XACML and X.509 certificates to manifest authorization policies, incorporating safe redirect calls and SSL for seamless integration in web applications. This comprehensive analysis aims to provide insights into securing web applications and safeguarding end-users' data against evolving security threats, especially with the rise of new technologies and the increasing use of web applications.
Software Engineering
Cross-Site Scripting Assaults Prevention on Present Web Applications
By Student Name
Software Engineering
Professor
University Affiliation
City location of university
Date
Introduction
In this technological era, security is one of the major concerns. These widespread safety concerns
mainly target web applications and the various Internet-based services linked to institutions,
organizations, and firms. To guarantee security, the conventional value offered to web users, together
with reliable channels, ought to be incorporated into web applications. This study concentrates on
the particular issue of preventing cross-site scripting intrusions that target web applications. The
types of intrusions, as well as techniques for countering them, will also be studied. Each approach
will be discussed, covering its pros and cons as well as alternative solutions (Sonewar and Mhetre, 2015).
This paper’s hypothesis bases its findings on the manifestation of authorization policies using
XACML and X.509 certificates. Web developers of a particular web application are free to specify
security provisions on the server side. They can also demand the proper enforcement of those
provisions on the clients that meet the set conditions when employing the solution presented herein.
By relying on safe redirect calls and SSL, this approach is incorporated seamlessly into common web
applications (Doupé et al., 2013).
Project Aims and Objectives
A significant shift in the policies and procedures regarding strategies used to secure web
applications has been experienced in the last few years. Intrusions by hackers into the official
Twitter accounts of prominent institutions such as Fox have raised more questions than answers
concerning the security mechanisms put in place by web application developers.
Therefore, this paper’s primary aim is to find out the preventive measures against cross-site
scripting intrusions. Establishing defensive mechanisms against the rising security menace on web
applications is essential for safeguarding end users’ data and information.
Research Questions
How to protect web applications is the prime question that this study seeks to answer. The types
of web scripting intrusions, as well as how they manifest, also need to be revealed. Other
questions include the characteristic mechanisms of web applications, the reliability of the security
measures in place, and how to improve the security standards of web applications.
Research Objectives
The primary motivation behind this study is clear: preventing intrusions on web applications. Such
intrusions, if not controlled, may endanger personal and even civil data and information. The chief
objectives of this research are to observe the current scenario of web application security, to
identify the strengths and vulnerabilities of web applications, to find out end users’ pleas and
expectations, and consequently to make recommendations based on the assessment of web
application security.
Overview and Motivation
Various application software companies are increasingly using the web prototype in their design
approaches. Web development models enable the design of prevalent applications that can potentially
be used by millions of clients, ranging from the simplest to the most sophisticated web users. In
addition, the mere existence of emergent technologies is an opportunity for enhancing web features,
although the safety mechanisms to be included in such web applications are increasingly proving
to be difficult.
Web developers need to provide functional mechanisms, in addition to the expected value, so that
their end users are secured while using the resources and data linked to the deployed web
applications. The current techniques used to secure conventional applications sometimes fall short
when directed at web prototypes, leaving clients to take care of fundamental components of the
services. Tasking end users with the responsibility of safeguarding some web application services
may compromise the application’s safety provisions and hence should be avoided at all costs.
This study concentrates on the particular example of Cross-Site Scripting (XSS) assaults against
web application security. An XSS assault begins with the introduction of malicious code into the
web application, with the intention of jeopardizing the trust relationship between a client and the
site the end user is visiting. On successful exploitation of the web application’s vulnerability, the
code injector is free to bypass the application’s controls as well as the integrity that provides
safety to the end user (Gupta and Gupta, 2017).
Background and Related Literature Review
This study provides a meticulous examination of past web application security. An analysis of the
literature on web applications outlines the exploitable nature of web applications, which web
developers still critically research (Luttgen, Pepe and Mandia, 2016).
Various XSS intrusions and their susceptible targets exist. Two types of XSS intrusions on
today’s web applications will be described in depth in this report, together with discussions on
how to prevent them, including script analysis, web browser runtime enforcement, and web content
filtering.
XSS (Cross-Site Scripting) Intrusions
Cross-Site Scripting intrusions are performed against web applications with the intention of an
attacker taking control of an end user’s browser for the purpose of executing malicious scripts.
The malicious code, which is usually JavaScript or HTML, is introduced within the trust of the web
application’s site. Following a successful execution of the embedded code, the attacker gains free
active or passive access to all the private browser resources, including individual session IDs and
even cookies. There are two types of cross-site scripting intrusions: stored or persistent
intrusions and non-persistent or reflected intrusions (Hox et al., 2017).
Persistent XSS Intrusions
After an attacker introduces malicious code, chiefly HTML and JavaScript, into the web
application, it is permanently kept in the application’s data store. Consequently, when the end
user loads the destructive code into the browser, and since the code is treated as coming from the
trusted source of the application’s website, it is allowed to access the sensitive data in the
cookie repository. It is in this manner that the malicious code is able to hijack the client’s
sensitive information, which is naturally stored in the web application’s repository. All of this
is carried out against the fundamental security policy of search engines, which allows access to
stored data only to the rightful users who stored it (Panja et al., 2017).
Persistent XSS intrusions are traditionally associated with message board web applications with
weak input validation mechanisms. An instance of a persistent XSS intrusion was the intrusion on
Hotmail, which was subsequently discovered and thwarted.
Non-Persistent XSS Intrusions
It is also called a reflected XSS intrusion. Here, the injected code exploits a web application’s
weakness by taking advantage of information provided by the end user in order to create an
outgoing page for that user. The introduced code can be seen by a third party directly, or through
a third-party technique like an advertisement, which is so rampant nowadays. The attacker can also
employ another tactic: tricking the end user into clicking on a link containing the untrusted code
through a spoofed email.
A successful click on the malicious link sends the initial code to the end user, but through the
trusted context of the website. In a similar way, the browser, maintaining that trust with the
malicious code, can send related information like session IDs and cookies, which compromises the
end user as a result.
Combined with mechanisms like social engineering and phishing, non-persistent XSS intrusions
are the most frequently experienced and disturbing kind of XSS intrusions performed on today’s web
applications. Non-persistent XSS intrusions are commonly used for fraudulent activities by the
most skilled attackers.
How far can attackers go with JavaScript?
The aftermath of exploited JavaScript on a web application may not instantly stand out, primarily
because all browsers run JavaScript in a very tightly regulated setting and JavaScript has
restricted access to the client’s operating system and the client’s files.
Nonetheless, considering that JavaScript can access various exploitable resources, it is
straightforward to demonstrate how inventive criminals can get away with JavaScript.
Ill-disposed JavaScript has access to all the same objects the rest of the web page has,
including access to cookies. Cookies are employed to store session tokens; if an attacker can
obtain a client’s session cookie, they can impersonate that client.
JavaScript can read and make arbitrary alterations to the browser’s DOM; JavaScript is free to
use XMLHttpRequest to send HTTP requests with arbitrary content to arbitrary destinations; and
finally, JavaScript in modern browsers is able to use HTML5 APIs, including accessing a client’s
webcam, geolocation, microphone, and even specific files from the client’s file system. Although
most of the above APIs require the client’s permission, XSS in combination with some smart social
engineering can bring an intruder a long way.
As described, XSS in combination with social engineering permits criminals to pull off advanced
assaults, including keylogging, cookie theft, identity fraud, and phishing. More seriously, XSS
weaknesses present the ideal basis for criminals to escalate assaults to more serious ones.
Prevention Strategies
Even with the extensive and notable evolution of web applications after the initial assaults on
them, such intrusions never stopped. XSS intrusion mitigation needs more than cryptographic
techniques and the more conventional use of firewalls. In addition, the use of secure coding
practices or secure programming models has all been outclassed (Wasserman and Su, 2014).
Given the inadequacies that come with conventional methods of web application security,
improved strategies need to be developed for XSS intrusion detection and prevention. XSS
prevention approaches are grouped into two: those that filter and analyze the exchanged
information, and those that work through web browsers’ runtime enforcement (Snehi and Dhir, 2015).
Filtering and examination of the shared Information
For the purpose of dealing with persistent and non-persistent cross-site scripting intrusions,
most modern browsers perform filtering on rich content exchanged between the website and the
browser. The filtering technique works by defining the allowable special tags and characters; any
content not on that list is rejected (Kirda et al., 2014).
Alternatively, these XSS intrusions can be prevented through an encoding mechanism in which
those characters are rendered less harmful. Nevertheless, these mechanisms can easily be bypassed
by skilled attackers or hackers, especially those intending to carry out online fraud.
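The two filtering techniques just described, an allowlist for fields with a known format and output encoding for free text, applied to a stored (message board) rendering path and a reflected (search echo) rendering path. This is an added example written for this report, not code from the paper or its cited sources; the username format, the templates and the sample payloads are constructed for illustration.

```javascript
// Added example (not code from the paper): allowlist validation plus HTML
// output encoding, the two filtering approaches the paper describes, shown on
// a stored (comment) and a reflected (search echo) rendering path.
// Plain JavaScript, runs in Node without a browser.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#x27;", "/": "&#x2F;",
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
// Each character that could change the markup structure becomes an entity, so
// the browser renders it as text instead of interpreting it as a tag or script.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist check for a message-board username (constructed format). Input
// containing anything outside the permitted set is rejected, not "cleaned".
const USERNAME_RE = /^[A-Za-z0-9_.-]{1,32}$/;
function isValidUsername(value) {
  return USERNAME_RE.test(value);
}

// Vulnerable rendering: stored data is concatenated straight into the page,
// so a comment body containing a <script> tag runs in every visitor's browser.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened rendering of the same template: the author must pass the allowlist
// and every untrusted value is encoded for its HTML context.
function renderComment(author, body) {
  if (!isValidUsername(author)) {
    throw new Error("rejected: author does not match allowlist");
  }
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Reflected case: a search page that echoes the query back to the user. The
// query arrives from the URL, so it is encoded before it reaches the page.
function renderSearchPage(query) {
  return `<p>Results for "${escapeHtml(query)}"</p>`;
}

// Constructed sample inputs (harmless alert() placeholders) of the kind that
// would be stored in a comment or carried in a crafted link.
const SAMPLE_STORED = "<script>alert(1)</script>";
const SAMPLE_REFLECTED = 'Bob" <script>alert(1)</script>';

console.log(renderCommentUnsafe("alice_01", SAMPLE_STORED)); // script tag intact
console.log(renderComment("alice_01", SAMPLE_STORED));       // script tag encoded
console.log(renderSearchPage(SAMPLE_REFLECTED));             // quote and tag encoded
```

The encoded output still shows the attacker's text to the reader, but only as text; the paper's caveat that such filters can be bypassed applies mainly when encoding is done for the wrong context (for example, inside a script block or a URL), which this example does not cover.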
Another, less common mechanism is the policy-based technique. Here a proxy server is positioned at
the application’s site to filter all incoming and outgoing data streams. This proxy filtering
mechanism entails enforcing a set of policy rules defined by the developers of the application
(Kieyzun et al., 2009).
Web Browsers Runtime Enforcement
This is an alternative to the aforementioned approach to XSS intrusion prevention based on
filtering web content on the client or on server-based proxies. The concept of runtime enforcement
is to subject the JavaScript interpreter to an auditing system. The Mozilla browser mostly uses
JavaScript as an intrusion detection system, uncovering any violations of its policy and taking
appropriate defensive measures against them (Bisht and Venkatakrishnan, 2013).
The concept at runtime is the revelation of anomalies, such as a web application site’s cookies
being transferred to suspicious parties. Interpreters like Flash and Java need to be integrated
into all browsers for the greatest achievements to be realized (Rao et al., 2016).
In a policy-based administration, all permitted activities are embedded in the documents
exchanged between server and browser, and the browser interpreter can either decide to let an
activity pass or deny it permission.
Briefing on current prevention techniques
The reviewed proposals need more development to be able to deal with the web application
issues. It is very essential to establish conformity between browser-based and server-based
solutions for a successful take on XSS intrusion. This paper takes a different stand, although web
browser enforcement offers better security options than either client- or server-side proxy
solutions (Shulman and Karlebach, 2015).
Research Design
Research design, which encompasses a structured scheme that controls a research proposal, is a
methodical plan that directs the proposed research, as stated by Lewis (2015). The research design
is essentially a draft or layout of the entire research. This paper’s scheme includes data
collection, followed by analysis and interpretation, and finally the findings and conclusion.
Project Methodology and Justification
In order to attain the stated research objectives, secondary sources will be used, including online
journals, published articles, information security featured articles, various cybersecurity
textbooks, articles from case studies on web application security, and other Google search results.
The primary approach to be employed in this study will be methodological exploration entailing
both quantitative and qualitative methods of evaluation. In addition, some primary data sources,
including questionnaires and personal interviews with a number of software engineering security
experts in the United Kingdom, will be used (Takhar and Ghorbani, 2017). For qualitative analysis
purposes, feedback from the 10-15 queries as well as the beneficial information from the
interviews will be used.
Concerning the research design, a retrospective study involving past web scripting intrusions
will analyze their preferred format of execution. Besides revisiting past occurrences, for
comprehensive research regarding web scripting intrusions, both probability and non-probability
methods of sampling will be employed in this study (McNely, Spinuzzi and Teston, 2015).
Data Analysis
Quantitative and qualitative interpretations will be conducted after understanding the
significance of having robust security measures in place. Data matrix analysis will be a good
proposal for the quantitative data. Discerning web application threats on the affected applications,
as well as on the clients, will enable a correlation to be carried out using graphs and tables.
Qualitative data analysis will require the employment of the ‘data display and analysis’ method.
Data display and analysis contains three sub-processes: data presentation in pictorial or graphical
form; data reduction, which refers to doing away with unnecessary data; and data verification and
conclusion.
Requirements of the Research
With secondary sources being the major data collection method for the research, the internet and
the library will form the bigger share of the collection of soft and published copies for use in
the literature review. For personnel requirements, interviews with end users as well as web
developers will be covered. The sources depended on will include database companies, research
papers, encyclopedias, periodicals and published research. Laptops with network connectivity, on
which security tests will be performed on browsers like Chrome, Firefox, and many others, will be
needed for the research. Powerful safety detection tools from CCNA will be fundamental
requirements too.
Research contribution
The web scripting intrusion study is an extension of web application security research carried
out before. Nevertheless, this paper concentrates on the intrusions, their types, and the methods
of thwarting the discussed malicious intrusions. Various studies have been carried out concerning
these intrusions, but very few have been exhaustive in their findings. This means another study
was essential, as web cross-site scripting assaults are currently a hot topic in software
engineering and related fields. This study seeks to be the connecting factor for the missing
pieces of web security. Carrying out broader and more extensive research will certainly make the
difference.
Plan of Works
Any successful project needs to be scheduled effectively for the correct alignment of
responsibilities as well as the enforcement of timeline restrictions. The schedule for the web
scripting intrusion research will be:
July-August (2018)
Topic selection
Review of the literature
Supervisor’s approval on the topic
August-September (2018)
Data collection or gathering
The initial draft of the proposal
Break
September-October (2018)
Supervisor approval of the proposal