Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey
Open Access
- 1 January 2022
- journal article
- research article
- Published by Scientific Research Publishing, Inc. in International Journal of Communications, Network and System Sciences
- Vol. 15 (08), 126-148
- https://doi.org/10.4236/ijcns.2022.158010
Abstract
The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers’ defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.Keywords
This publication has 70 references indexed in Scilit:
- XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript CodeArabian Journal for Science and Engineering, 2015
- From Facepalm to Brain BenderPublished by Association for Computing Machinery (ACM) ,2015
- Protecting the Augmented Browser Extension from Mutation Cross-Site ScriptingPublished by Springer Science and Business Media LLC ,2015
- DexterJS: robust testing platform for DOM-based XSS vulnerabilitiesPublished by Association for Computing Machinery (ACM) ,2015
- Improved N-gram approach for cross-site scripting detection in Online Social NetworkPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Detecting cross site scripting vulnerabilities introduced by HTML5Published by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- KameleonFuzzPublished by Association for Computing Machinery (ACM) ,2014
- Detecting Cross-Site Scripting Vulnerability Using Concolic TestingPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- 25 million flows laterPublished by Association for Computing Machinery (ACM) ,2013
- FlashOverPublished by Association for Computing Machinery (ACM) ,2012