XSS vulnerability assessment and prevention in web application

Shrivastava, Ankit; Choudhary, S. K.; Kumar, Ashish

doi:10.1109/ngct.2016.7877529

Cited by 22 publications

(9 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This vulnerability makes it possible for attackers to interfere with user interaction with the OS or an application by allowing them to circumvent same origin policy [23], [24]…”

Section: Xss (Crosssite Scripting)mentioning

confidence: 99%

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Softić¹,

Vejzović²

2022

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

This study investigated the vulnerabilities of three operating systems: Windows 10, macOS, and Ubuntu. The analysis of secondary data obtained from the CVE and NVD databases for the study period demonstrates varying OS vulnerability. Quantitative assessment of the vulnerability (using the vulnerability score) for the investigated operating systems found consistent results in the security vulnerability of these OS. The correlation of the disclosed vulnerabilities data and the average weighted vulnerability yielded coefficients of -0.3674, -0.4081, and 0.3473 for macOS, Windows 10, and Ubuntu Linux. These results demonstrate windows 10 as having the highest security vulnerability, followed by macOS. Ubuntu Linux had the lowest vulnerability scores. These results were validated by the CVSS distribution of the vulnerability score. The results point to the impact of the popularity of OS on the number of attacks in a given period. OS used by many people tend to attract significant attacks testing their integrity, security, and safety.

show abstract

“…This vulnerability makes it possible for attackers to interfere with user interaction with the OS or an application by allowing them to circumvent same origin policy [23], [24]…”

Section: Xss (Crosssite Scripting)mentioning

confidence: 99%

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Softić¹,

Vejzović²

2022

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

show abstract

“…Классическим примером является вредоносный скрипт, вставленный злоумышленником в поле комментариев в блоге или в сообщения на форуме. Когда жертва переходит на уязвимую веб-страницу в браузере, полезная нагрузка XSS будет использоваться как часть самой веб-страницы (точно также, как и сами законные комментарии) [16]. Это означает, что жертвы, в конечном итоге, случайно выполнят вредоносный сценарий, как только страница будет просмотрена в браузере.…”

Section: типы межсайтовых скриптовunclassified

Models and scenarios of implementation of threats for internet resources

Lesko

2020

Rossijskij tehnologičeskij žurnal

View full text Add to dashboard Cite

To facilitate the detection of various vulnerabilities, there are many different tools (scanners) that can help analyze the security of web applications and facilitate the development of their protection. But these tools for the most part can only identify problems, and they are not capable of fixing them. Therefore, the knowledge of the security developer is a key factor in building a secure Web resource. To resolve application security problems, developers must know all the ways and vectors of various attacks in order to be able to develop various protection mechanisms. This review discusses two of the most dangerous vulnerabilities in the field of Web technologies: SQL injections and XSS attacks (cross-site scripting – XSS), as well as specific cases and examples of their application, as well as various approaches to identifying vulnerabilities in applications and threat prevention. Cross-site scripting as well as SQL-injection attacks are related to validating input data. The mechanisms of these attacks are very similar, but in the XSS attacks the user is the victim, and in the SQL injection attacks, the database server of the Web application. In XSS attacks, malicious content is delivered to users by means of a client-side programming language such as JavaScript, while using SQL injection, the SQL database query language is used. At the same time, XSS attacks, unlike SQL injections, harm only the client side leaving the application server operational. Developers should develop security for both server components and the client part of the web application.

show abstract

“…Eventually, they found a system vulnerability in Tom and Winmail that confirmed the availability of the technology. In the paper published by Ankit Shrivastava, he detailed how to steal Webmail users cookies for identity theft through a reflective XSS vulnerability [17]. Jun Yang's team used a vocabulary-based fuzzy framework to construct a mutated XSS attack vectors [18].…”

Section: Related Workmentioning

confidence: 99%

Providing Email Privacy by Preventing Webmail from Loading Malicious XSS Payloads

Fang

Jia

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

With the development of internet technology, email has become the formal communication method in modern society. Email often contains a large amount of personal privacy information, possible business agreements, and sensitive attachments, which make emails a good target for hackers. One of the most common attack method used by hackers is email XSS (Cross-site scripting). Through exploiting XSS vulnerabilities, hackers can steal identities, logging into the victim’s mailbox and stealing content directly. Therefore, this paper proposes an email XSS detection model based on deep learning technology, which can identify whether the XSS payload is carried in the email or not. Firstly, the model could extract the Sender, Receiver, Subject, Content, Attachment field information from the original email. Secondly, the email XSS corpus is formed after data processing. The Word2Vec algorithm is introduced to train the corpus and extract features for each email sample. Finally, the model uses the Bidirectional-RNN algorithm and Attention mechanism to train the email XSS detection model. In the experiment, the AUC (area under curve) value of the Bidirectional-RNN model reached 0.9979. When the Attention mechanism was added, the accuracy upper limit of the Bidirectional-RNN model was raised to 0.9936, and the loss value was reduced to 0.03.

show abstract

XSS vulnerability assessment and prevention in web application

Cited by 22 publications

References 3 publications

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Models and scenarios of implementation of threats for internet resources

Providing Email Privacy by Preventing Webmail from Loading Malicious XSS Payloads

Contact Info

Product

Resources

About