Current Trends in Science and Technology

an Open Access Publication ISSN: 0976-9730 | 0976-9498

Engineering and Technology

Cross-Site Scripting Attack Detection Methods and Implications: A Review

Kailash Patidar
Department of Computer Science Engineering, Sri Satya Sai University of Technology & Medical Sciences, Sehore HOD CSE/IT
Online First: January 14, 2018

Abstract

When data is transferred over any means of data communication, it may be leaked or attacked. Cross-site scripting (XSS) attacks are among the most vulnerable types of attack found nowadays. XSS enables attackers to inject client-side script into Web pages viewed by other users. With this kind of injection, an attacker can control the page by inserting, updating and modifying data. SQL injection attacks are easily possible in PHP, JSP and ASP interfaces, as a direct result of their older function interfaces. In the case of Java/J2EE and ASP.NET interfaces it is not so easy, because of the programmable interfaces. The main concerns arising from these attacks are confidentiality, authentication, authorization and integration. If the site is data-driven, SQL injection attacks are easy to use. Given these characteristics, controlling the attack parameters is essential. The main aim of our paper is to prevent and detect different types of attack. To this end, an analysis and survey is presented.

Keywords: Cross-site scripting (XSS), SQL injection attack, attack detection, PHP, J2EE, JSP.

Submitted: Jan 14, 2018
Published: Jan 14, 2018
Abstract Views: 299
PDF Downloads: 185

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

