Title: Plague of cross-site scripting on web applications: a review, taxonomy and challenges

Authors: Pooja Chaudhary; B.B. Gupta

Addresses: Department of Computer Engineering, National Institute of Technology, Kurukshetra Haryana, India ' Department of Computer Engineering, National Institute of Technology, Kurukshetra Haryana, India

Abstract: Now a day, web applications are developed by incorporating the advanced latest technologies on the client-side (e.g. AJAX, JavaScript, JFlash, etc.) and as well as server side (CGI, PHP and ASP) for enhancing the user experience of web applications with enhanced interactive response. Since these technologies are used to deliver critical services, they also turn out to be precious target for the attackers. Moreover cross-site scripting (XSS) attack is the topmost vulnerability found in the web applications. This paper presents a survey on the XSS worms on the real world web applications and the platforms of online social network. Numerous existing categories of XSS worms are discussed with the key goal to identify the exploitation of XSS worms on different platforms of web applications.

Keywords: code-injection attacks; JavaScript code; online application vulnerabilities; cross-site scripting attack; taint tracking; code instrumentation.

DOI: 10.1504/IJWBC.2018.090916

International Journal of Web Based Communities, 2018 Vol.14 No.1, pp.64 - 93

Received: 21 Jul 2016
Accepted: 13 Nov 2016

Published online: 16 Mar 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article