Abstract
Cross-site scripting is a vulnerability in Web applications that can be exploited by injecting malicious script code, such as JavaScript, into a Web application. A cross-site scripting technique allows an authorised user to inject malicious code into a Web application and perform malicious activities. This paper analyses the traditional methods used in preventing cross-site scripting. A security framework is then proposed to improve the security of Web applications against Web-scripting attacks. This framework defines a security checklist, which comprises a set of rules. These rules contribute towards strengthening the security of Web applications and making them more robust to cross-site scripting attacks.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Elkhodr, M., Patel, J.K., Mahdavi, M., Gide, E. (2020). Prevention of Cross-Site Scripting Attacks in Web Applications. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_100
DOI: https://doi.org/10.1007/978-3-030-44038-1_100
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44037-4
Online ISBN: 978-3-030-44038-1
eBook Packages: Intelligent Technologies and Robotics (R0)