文章基本信息

标题：Cross Site Scripting (XSS): The dark side of HTML
本地全文：下载
作者：Junaid Latief Shah ; Asif Iqbal Khan
期刊名称：International Journal of Engineering and Computer Science
印刷版ISSN：2319-7242
出版年度：2014
卷号：3
期号：3
页码：4066-4068
出版社：IJECS
摘要：In recent times, web remains the preferred platform for users to carry out their business activities. The migration of applications to web has been rapid ranging from applications like E-commerce, Public forum, E-governance, E-banking, Shopping Portals or any other applications running on the web. Web Applications have increased its usage because of easy accessibility to different users around the world. But as the usage of the web has increased, it has also given an undesirable or dark side to the usage of html. Cross-site scripting (XSS) attacks continue to remain the topmost threat to web apps, databases and websites around the world for a considerable amount of time now. A survey of about 15 million cyber attacks in the third quarter of 2012 has revealed that most of these attacks are XSS based. Although attacks like SQL Injection, CSRF and Phishing are also common, XSS still remains the preferred technique for hackers to carry out malicious activities on web. This paper discusses about XSS attacks, their operation and different categories of XSS attacks. The paper also highlights the mitigation scenario and techniques possible for prevention.
关键词：Cross Site Scripting (XSS); SQL Injection; CSRF; Phishing; Cyber Attacks