Security against cross site scripting (XSS) attacks

Abstract

Database based Web applications have been widely incorporated on the Internet and organizations use these services to provide a broad range of services to people. Along with the growing of the internet, there has been a surge in attacks that target these applications. In typical cross site scripting the target views a website which contains code inserted into the HTML which was not written by the website designer or administrator. This bypasses the document object model which was intended to protect domain specific cookies (sessions, settings, etc.). In most instances the target will sent a link to a website on the server which the target has a legitimate account and by viewing that website the attackers malicious code is executed (commonly JavaScript is used to sent the user's cookie to a third party server, in effect stealing their session and their account). This was a quick overview of cross site scripting. The purpose of this document is to avoid/Mitigate cross site scripting attacks which are very popularly used by hackers nowadays. This type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. By this document we are trying to mitigate XSS attack on server side using signature based model for the better security of Website's owner.