Research Article

Analysis of Prevention of XSS Attacks at Client Side

by Teena Hadpawat, Dipesh Vaya
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 173 - Number 10
Year of Publication: 2017
Authors: Teena Hadpawat, Dipesh Vaya
10.5120/ijca2017915344

Teena Hadpawat, Dipesh Vaya. Analysis of Prevention of XSS Attacks at Client Side. International Journal of Computer Applications. 173, 10 (Sep 2017), 1-4. DOI=10.5120/ijca2017915344

@article{ 10.5120/ijca2017915344,
author = { Teena Hadpawat, Dipesh Vaya },
title = { Analysis of Prevention of XSS Attacks at Client Side },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2017 },
volume = { 173 },
number = { 10 },
month = { Sep },
year = { 2017 },
issn = { 0975-8887 },
pages = { 1-4 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume173/number10/28442-2017915344/ },
doi = { 10.5120/ijca2017915344 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:20:52.584195+05:30
%A Teena Hadpawat
%A Dipesh Vaya
%T Analysis of Prevention of XSS Attacks at Client Side
%J International Journal of Computer Applications
%@ 0975-8887
%V 173
%N 10
%P 1-4
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The web has become a paramount part of our lives. Unfortunately, as our dependency on the web increases, so does the interest of attackers in enslaving web applications and web-based information systems. Previous work in the field of web application security has mainly focused on the mitigation of Cross Site Scripting and SQL injection attacks. XSS, or Cross Site Scripting, allows an attacker to execute code on the target website from the user's browser, often causing side effects such as data compromise or the stealing of a user session. This can allow an attacker to impersonate a user to steal their details, or act in their place without consent. It is caused by scripts that do not sanitize user input. In general, an XSS attack is easy to execute but difficult to detect and prevent. It can be prevented at both the client and the server. Several server-side solutions to XSS attacks do exist, but such techniques have not been universally applied because of their deployment overhead. This paper analyzes client-side solutions for detecting the attack and which technique is appropriate. The focus is on the analysis of most of the client-side solutions presented so far, and a comparative view of the solutions is provided.

Index Terms

Computer Science
Information Sciences

Keywords

XSS attacks, SQL injection, Client side solution