Cross-site scripting (XSS) attacks and mitigation: A survey

Abstract

The results of the Cisco 2018 Annual Security Report show that all analyzed web applications have at least one vulnerability. It also shows that web attacks are becoming more frequent, specific and sophisticated. According to this report, 40% of all attack attempts lead to a method known as Cross-Site Scripting (XSS), which was the most widely used technique. According to the OWASP Top 10 - 2017 security risk, this type of attack is ranked No. 7, and it is noted that XSS is present in approximately two thirds of all web applications.This attack occurs when a malicious user uses a web application to execute or send malicious code on another user’s computer. Also, Cross Site Scripting is a type of cyber attack by which vulnerabilities are searched in a web application to introduce a harmful script. This implies that user information can be affected by stealing cookies, phishing, or attacking a company’s entire network.In this context, we have analyzed a total of 67 documents to collect information of the tools and methods that the scientific community has used to detect and mitigate these type of attack. It has been hypothesized that the trend in the proposal of traditional methods to mitigate XSS attacks is greater than the proposals that use some artificial intelligence technique. Our results show that the trend is increasing in the proposals that analyze the content of web pages (13.20%), as well as those that serve as a toolkit for web browsers (16.98%). Also, we have found that there is a low tendency in the use of artificial intelligence techniques to detect or mitigate this attack, using Web Classifiers (9.43%).