Research Article

Cross Site Scripting: An Overview

Published in 2011 by Vishwajit S. Patil, Dr. G. R. Bamnote, Sanil S. Nair
International Symposium on Devices MEMS, Intelligent Systems & Communication
Foundation of Computer Science USA
ISDMISC - Number 4
2011
Authors: Vishwajit S. Patil, Dr. G. R. Bamnote, Sanil S. Nair

Vishwajit S. Patil, Dr. G. R. Bamnote, Sanil S. Nair. Cross Site Scripting: An Overview. International Symposium on Devices MEMS, Intelligent Systems & Communication. ISDMISC, 4 (2011), 19-22.

@article{
author = { Vishwajit S. Patil and Dr. G. R. Bamnote and Sanil S. Nair },
title = { Cross Site Scripting: An Overview },
journal = { International Symposium on Devices MEMS, Intelligent Systems & Communication },
issue_date = { 2011 },
volume = { ISDMISC },
number = { 4 },
year = { 2011 },
issn = { 0975-8887 },
pages = { 19-22 },
numpages = { 4 },
url = { /proceedings/isdmisc/number4/3466-isdm084/ },
publisher = { Foundation of Computer Science (FCS), NY, USA },
address = { New York, USA }
}
%0 Proceeding Article
%1 International Symposium on Devices MEMS, Intelligent Systems & Communication
%A Vishwajit S. Patil
%A Dr. G. R. Bamnote
%A Sanil S. Nair
%T Cross Site Scripting: An Overview
%J International Symposium on Devices MEMS, Intelligent Systems & Communication
%@ 0975-8887
%V ISDMISC
%N 4
%P 19-22
%D 2011
%I International Journal of Computer Applications
Abstract

This paper describes security attacks against web applications and focuses specifically on Cross Site Scripting (XSS) attacks; it further discusses the types of XSS and several countermeasures. The major problem faced by web applications is parameter manipulation, through which attackers aim to gain access to the database. Web applications generally maintain the same structure and values, and the required information is accessed through identical variables and keywords passed as web parameters. Parameter manipulation is the major issue in web applications: the attacker manipulates a parameter sent by the browser and executed by the server. XSS vulnerabilities arise when such a string is returned to the user's web browser by a susceptible web application. Therefore, to prevent XSS vulnerabilities, preventive measures must protect the parsing process in the web browser so that a string prepared by an attacker has no effect.

Index Terms

Computer Science
Information Sciences

Keywords

Cross Site Scripting, web application, parameter manipulation, XSS vulnerabilities