Article code: 6884672
Journal code: 1444342
Publication year: 2018
English article: 52-page PDF
Full-text version: Free download
English title of the ISI article
A survey of detection methods for XSS attacks
Related topics
Engineering and Basic Sciences, Computer Engineering, Computer Networks and Communications
English abstract
Cross-site scripting attack (abbreviated as XSS) is an unremitting problem for the Web applications since the early 2000s. It is a code injection attack on the client-side where an attacker injects malicious payload into a vulnerable Web application. The attacker is often successful in eventually executing the malicious code in an innocent user's browser without the user's knowledge. With an XSS attack, an attacker can perform malicious activities such as cookie stealing, session hijacking, redirection to other malicious sites, downloading of unwanted software and spreading of malware. The primary categories of XSS attacks are: non-persistent and persistent XSS attacks. This survey focuses on studying comprehensively the detection methods available in the literature for XSS attacks. The detection methods discussed in this study are classified according to their deployment sites and further sub-classified according to the analysis mechanism they employ. Along with discussing the pros and cons of each method, this survey also presents a list of tools that support detection of XSS attacks. We also discuss in detail three preconditions that have to be met in order to successfully launch an XSS attack. One of the prime objectives of this survey is to identify a list of issues and open research challenges. This survey can be used as a foundational reading manual by anyone wishing to understand, assess, establish or design a detection mechanism to counter XSS attack.
Publisher
Database: Elsevier - ScienceDirect
Journal: Journal of Network and Computer Applications - Volume 118, 15 September 2018, Pages 113-143