Web Development 2: Critical Review of Injection Flaws and XSS

Verified

Added on 2023/04/04

AI Summary

This report provides a critical review of injection flaws and cross-site scripting (XSS) vulnerabilities in web applications. Cross-site scripting is defined as a client-side attack involving the execution of malicious scripts, exploiting vulnerabilities by using invalid input within the generated output, primarily targeting JavaScript due to its widespread use. Injection flaws, on the other hand, allow attackers to bypass web application context security, potentially leading to data manipulation and increased vulnerability to security threats. The report emphasizes the need for developers to prevent injection flaws through proper string functions to avoid accessibility deterioration and security risks, highlighting that while the original operation policies and client-side scripting codes remain intact, attackers can bypass authentic access controls. The document concludes that both injection flaws and cross-site scripting pose significant security risks to web applications and their users.

Web Development

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CRITICAL REVIEW: INJECTION FLAWS AND CROSS SITE
SCRIPTING
Cross site scripting is considered as an attack on the client side code with help of
execution of malicious or suspicious scripts. It is also represented by XSS. It is considered as
web application vulnerability that involves the use of invalid input withing the output that is
generated. This main aim of the attacker is to harm the credential functioning of victim's
browsers and system but not directly (Sunkari and Rao, 2014). The malicious script which is
generated by the attacker is actually like a test protocol which helps in getting an estimate about
the current conditions of the target website. It is formulated for judging the potential
vulnerabilities that can be exploited for personal benefits through the user. JavaScript is a
fundamental language which is affected mostly by XSS because of its omnipresence in almost
every browsing platform (Stock, Spiegel and Johns, 2014).
However, injection flaws is a kind of class of security vulnerability that helps or supports
the users to break out of the web application context. The involvement of injection flaws in the
web application often invites individuals or attackers to breach the security settings and make
necessary changes according to their wishes. They may delete, add or update the data available
currently on the application and then make it more vulnerable to security threats. Injection flaws
can be the main cause of cross scripting and victimisation of users (Gupta and et. al., 2015).
Developers need to prevent injection flaws with help of proper string functions. The cross
scripting deteriorates the accessibility features of the website. Original policy of operations and
the codes of the client side scripting are the same but the authentic access controls are bypassed
by attackers. Hence, it has been evaluated that high amount of security risks are involved through
injection flaws and cross scripting.
3

REFERENCES
Books and Journals
Sunkari, V. and Rao, C. G., 2014. Defensive Approaches on SQL Injection and Cross-Site
Scripting Attacks. Global Journal of Computer Science and Technology. 14(2-E), p.77.
Stock, B., Spiegel, P. and Johns, M., 2014, August. Precise Client-side Protection against DOM-
based Cross-Site Scripting. In USENIX Security (pp. 655-670).
Gupta, B. B. and et. al., 2015. Cross-site scripting (XSS) abuse and defense: exploitation on
several testing bed environments and its defense. Journal of Information Privacy and Security.
11(2). pp.118-136.
4