Cross-site Scripting Research: A Review

Nagarjun, Pmd; Shakeel, Shaik

doi:10.14569/ijacsa.2020.0110481

Cited by 6 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifically, the attacker exploits web applications vulnerable to SQL Injection attack [130] to gain unauthorized access to the database, compromising sensitive information and system security. Additionally, the attacker launches other code injection attacks, such as LDAP Injection attack [131], [132], DLL Injection attack [133], XML Injection attack [134]- [136], and cross-site scripting (XSS) attack [137]- [139], to insert malicious code and manipulate user input, further jeopardizing the system's integrity and user credentials. Such code injection attacks pose severe risks to industrial IIoT enterprise applications, potentially leading to data breaches, disclosure of sensitive information, and loss of business profits, which may result in significant financial harm.…”

Section: Hacking Scenario On Application Layermentioning

confidence: 99%

A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario

Eyeleko,

Feng

2023

IEEE Internet Things J.

View full text Add to dashboard Cite

We have witnessed significant technological advancement over the past few years, including the Internet of Things (IoT). The IoT's ability to connect consumer appliances to the internet has changed the way we live. As a result of the significant benefits that IoT has brought to household usage, it has become a topic of discussion for research departments, leading to its expansion into industrial sectors, commonly known as the Industrial Internet of Things (IIoT). IIoT enables automation and the use of intelligent machines to improve product manufacturing processes and enhance our lives as customers. However, as IIoT-enabling technology and applications continue to grow, security issues and privacy protection challenges become harder to manage, which frequently results in data breaches and sensitive information disclosures. This paper first explains what the reader needs to know about the IIoT system architecture in Industry 4.0 to make it easier for them to understand. Second, a hacking scenario is utilized as a methodology to conduct an in-depth analysis of various security issues, as well as their impacts and countermeasures, for each level of the IIoT architecture. Additionally, our hacking scenarios present a variety of targets from which malicious actors can launch their assaults. Third, we provide a thorough review of the various blockchain solutions currently being employed to protect IIoT systems. Finally, this paper draws to a close by outlining certain gaps and potential solutions that could be investigated in subsequent studies to strengthen security and enhance privacy for IIoT systems.

show abstract

Section: Hacking Scenario On Application Layermentioning

confidence: 99%

A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario

Eyeleko,

Feng

2023

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…(Open Web Application Security Project) [26]. Data in the form of general vulnerabilities that often occur on a website and their identification, such as Cross-Site Request Forgery [27], Directory Transversal, Local File Inclusion [28], Remote File Execution, SQL Injection [29], Cross-Site Scripting [30]. The data used is vulnerability data that often occurs in websites, namely HTML codes that can cause bugs.…”

Section: Research Datamentioning

confidence: 99%

Apache web server security with security hardening

Wibowo,

Ilmadina,

Ardi

et al. 2023

J. Soft Comput. Explor.

View full text Add to dashboard Cite

With the internet network, we can quickly get information very quickly. The information we get is not changed by people not authorized to access the system or platform. Apache is a web server often used to connect users with websites where the information is located. The more users there are, the more crimes there will be when attacking the web server by irresponsible people. Due to limited time for web administrators, to improve the security of the Apache web server, an intrusion detection system is needed that can help monitor network traffic and detect the type of attack that is occurring and then forward the notification to the mobile application in real-time, because attacks can occur at any time. Intrusion Detection is one implementation of the security hardening method for the software hardening category. The results of this research will be that the system will detect intrusion attempts based on the rules created, and users will receive notifications to the Telegram application and can see details of incoming reports such as the attacker's I.P. address, description of the intrusion, name of the security hole, time of intrusion, and payload used.

show abstract

“…Internet service users today have different educational backgrounds and ages. With the more widespread use, the more vulnerable network security is to attacks (Nagarjun & Ahamad, 2020). To avoid unexpected conditions, it is necessary to monitor and disseminate good information for internet service users.…”

Section: Introductionmentioning

confidence: 99%

Cross-site Scripting Reflected as A Risk High-Level Attack on University Website

Demhi,

Batmetan,

Liando

2022

IJITE

View full text Add to dashboard Cite

The era of digitalization is an era where information can be exchanged quickly and easily. This has contributed to improving the standard of human life for the better in all areas of life. The web is a technological innovation that changes the provision of information, services, and displays significantly. This allows for better interaction between service providers and their users. In general, universities use the website as a medium of information and media to support lecture activities and as campus promotions. However, many websites at universities do not yet have a strong level of security or protection, giving rise to opportunities for theft and manipulation of university data. XSS is an attack by inserting malicious code in the form of javascript through the input form that aims to steal cookies and then use these cookies to enter the web legally. The purpose of this study is to find out what risks will be posed by XSS to the website, especially the website used by Manado State University. This research method is carried out in 4 stages, namely software installation, vulnerability testing, presentation of the results of testing and solutions for website vulnerabilities.The results obtained through this study contained several vulnerabilities on Manado State University website which were obtained using OWASP tools. In addition to obtaining vulnerabilities on the website, solutions are also provided to overcome these vulnerabilities.

show abstract

Cross-site Scripting Research: A Review

Cited by 6 publications

References 21 publications

A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario

A Critical Overview of Industrial Internet of Things Security and Privacy Issues Using a Layer-Based Hacking Scenario

Apache web server security with security hardening

Cross-site Scripting Reflected as A Risk High-Level Attack on University Website

Contact Info

Product

Resources

About