Abstract

As web applications become more prevalent, web security becomes more and more important. Cross-site scripting (XSS) is a common kind of injection vulnerability in web applications. Exploiting XSS vulnerabilities can hijack users' sessions; read, modify and delete business data of web applications; place malicious code in web applications; and turn victims' browsers against other targeted servers. This paper discusses the classification of XSS and designs a demo website to demonstrate the attack processes of common XSS exploitation scenarios. The paper also compares and analyzes recent research results on XSS detection and divides them into three categories according to their mechanisms: static analysis methods, dynamic analysis methods and hybrid analysis methods. The paper classifies 30 detection methods into these three categories, compares them overall, and lists their strengths and weaknesses and the XSS vulnerability types they detect. In the end, the paper explores some ways to prevent XSS vulnerabilities from being exploited.

Highlights

  • Cross-site scripting is a kind of vulnerability that endangers web applications by injecting malicious code; it is abbreviated as XSS to distinguish it from Cascading Style Sheets (CSS)

  • In 2006, Bantown, a hacker group, exploited XSS vulnerabilities it had discovered to break into LiveJournal, an online community with 2 million active users [3]

  • According to whether untrusted user-supplied data is included in an HTTP response generated by the server or ends up somewhere in the DOM of the HTML page, XSS vulnerabilities can be divided into server-side vulnerabilities and client-side vulnerabilities
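The classification criterion in the last highlight, carried through in code as an added example (not the paper's demo website): the same untrusted string is placed once by the server into the HTTP response and once by a page script into the DOM, each beside its mitigated form, and a small classifier labels where the raw markup lands. The toy DOM node, the `probe()` marker and all function names are constructed for this illustration.

```javascript
// Added example, not the paper's demo site: untrusted input reaches the page
// either through the server-generated HTTP response (server-side XSS) or
// through a page script writing into the DOM (client-side/DOM-based XSS).
// All names, the toy DOM node and the sample input are constructed.

// Constructed untrusted input; "probe()" stands in for any injected script.
const UNTRUSTED = 'shoes<script>probe()</script>';

// Output encoding for the HTML-body context (server-side mitigation).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Server-side case: a query parameter is echoed into the response body.
function serverResponse(query, encode) {
  return `<p>Results for: ${encode ? escapeHtml(query) : query}</p>`;
}

// Client-side case: the response is fixed; a script later writes the URL
// fragment into a node. innerHTML parses markup, textContent does not
// (DOM-based mitigation). The node is a toy stand-in for a DOM element.
const STATIC_RESPONSE = '<p id="out"></p><script src="render.js"></script>';

function clientRender(fragment, useTextContent) {
  const node = { innerHTML: '', textContent: '' };
  if (useTextContent) node.textContent = fragment;
  else node.innerHTML = fragment;
  // Serialise roughly as a browser would: text children come back encoded.
  return node.innerHTML || escapeHtml(node.textContent);
}

// Classification in the paper's terms: where does the raw markup land?
function classifyXss(responseBody, renderedDom, untrusted) {
  if (responseBody.includes(untrusted)) return 'server-side';
  if (renderedDom.includes(untrusted)) return 'client-side';
  return 'none';
}

// Four cases: each vulnerable form beside its mitigated form.
function runCases() {
  return {
    reflectedRaw: classifyXss(serverResponse(UNTRUSTED, false), '', UNTRUSTED),
    reflectedEncoded: classifyXss(serverResponse(UNTRUSTED, true), '', UNTRUSTED),
    domInnerHtml: classifyXss(STATIC_RESPONSE, clientRender(UNTRUSTED, false), UNTRUSTED),
    domTextContent: classifyXss(STATIC_RESPONSE, clientRender(UNTRUSTED, true), UNTRUSTED),
  };
}
console.log(runCases());
```

The DOM-based case is the one a detector that only inspects server responses will miss: STATIC_RESPONSE never contains the untrusted string, yet the rendered DOM does.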


Summary

INTRODUCTION

Cross-site scripting is a kind of vulnerability that endangers web applications by injecting malicious code; it is abbreviated as XSS to distinguish it from Cascading Style Sheets (CSS). As the 2019 Internet Security Threat Report shows [2], phishing attacks and form hijacking carried out by exploiting XSS vulnerabilities bring huge losses to enterprises. Exploiting XSS vulnerabilities can cause many serious problems. In 2006, Bantown, a hacker group, exploited XSS vulnerabilities it had discovered to break into LiveJournal, an online community with 2 million active users [3]. The attacker created a large number of URLs containing malicious code and lured users into clicking them. When victims clicked these URLs, the attacker could obtain the users' cookies and use them to log in to the victims' accounts. When users clicked on some promotion information in the website

THE CLASSIFICATION OF XSS VULNERABILITIES
PHISHING ATTACK
DETECTION METHODS OF XSS VULNERABILITIES
CONCLUSION