Conferences related to Cross-site Scripting


2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE)

The IEEE/ACM Automated Software Engineering (ASE) Conference series is the premier research forum for automated software engineering. Each year, it brings together researchers and practitioners from academia and industry to discuss foundations, techniques and tools for automating the analysis, design, implementation, testing, and maintenance of large software systems.


2020 IEEE Symposium on Security and Privacy (SP)

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2023 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2022 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2021 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2019 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2018 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2017 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains.

  • 2016 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains.

  • 2015 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains.

  • 2014 IEEE Symposium on Security and Privacy (SP)

    IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners.

  • 2013 IEEE Symposium on Security and Privacy (SP) Conference dates subject to change

    IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners.

  • 2012 IEEE Symposium on Security and Privacy (SP) Conference dates subject to change

    IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners.

  • 2011 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2010 IEEE Symposium on Security and Privacy (SP)

    S&P is interested in all aspects of computer security and privacy.

  • 2009 IEEE Symposium on Security and Privacy (SP)

    The IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2008 IEEE Symposium on Security and Privacy (SP)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

  • 2007 IEEE Symposium on Security and Privacy (SP)

    Research contributions in any aspect of computer security and electronic privacy, including advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems.

  • 2006 IEEE Symposium on Security and Privacy (SP)

  • 2005 IEEE Symposium on Security and Privacy (SRSP)


2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE)

ICSE is the premier forum for researchers to present and discuss the most recent innovations, trends, outcomes, experiences, and challenges in the field of software engineering. The scope is broad and includes all original and unpublished results of empirical, conceptual, experimental, and theoretical software engineering research.


2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST)

ICST 2019 is intended to provide a common forum for researchers, scientists, engineers and practitioners throughout the world to present their latest research findings, ideas, developments and applications in the area of Software Testing, Verification and Validation. Topics of interest include, but are not limited to: Testing theory and practice, Testing in globally-distributed organizations, Model-based testing, Model-driven engineering and testing, Domain specific testing, Quality assurance, Model checking, Formal verification, Fuzzing, Inspections, Testing and analysis tools, Design for testability, Testing education, Technology transfer in testing, Testing of open source, etc. Besides research track papers, the conference also includes a doctoral forum, a software testing contest and various workshops.

  • 2018 IEEE International Conference on Software Testing, Verification and Validation (ICST)

    The (IEEE) International Conference on Software Testing Verification and Validation (ICST) offers an open forum for software testing, verification and validation research and its transfer to practice. One of the main goals of ICST is to bridge research and practice in software testing, verification, and validation. Furthermore, it aims at stimulating scientific research on model-based software testing, domain specific testing, empirical studies of testing techniques, and the technology transfer of research results to software development practices.

  • 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST)

    The 10th edition of the IEEE International Conference on Software Testing, Verification, and Validation (ICST) is the premier conference for research in all areas related to software quality. The ever increasing complexity, ubiquity, and dynamism of modern software systems is making software quality assurance activities, and in particular software testing and analysis, more challenging. ICST 2017 provides an ideal forum where academics, industrial researchers, and practitioners can present their latest approaches for ensuring the quality of today's complex software systems, exchange and discuss ideas, and compare experiences. In this spirit, ICST welcomes both research papers that present high quality original work and industry reports from practitioners that present real world experiences from which others can benefit.

  • 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST)

    ICST brings together researchers and practitioners for a conference that includes all aspects of software testing, verification, and validation. ICST includes research papers, industrial experience reports and presentations, tool demonstrations, and tutorials. For the research papers, ICST seeks high quality original work that has never been published and that advances the state of the art in software testing, verification and validation. For the industrial experience reports, ICST seeks papers and presentations that present real world experience from which others can benefit. Tool demonstrations are also welcome, especially those openly available for others to use. Finally, we are seeking tutorials that are relevant to both practitioners and researchers. See the specific calls for more details. Extended versions of the best papers from ICST conferences are regularly published in special editions of JSTVR.

  • 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST)

    The 8th edition of the IEEE International Conference on Software Testing, Verification, and Validation (ICST) is the premier conference for research in all areas related to software quality. The ever increasing complexity, ubiquity, and dynamism of modern software systems is making software quality assurance activities, and in particular software testing and analysis, more challenging. ICST 2015 provides an ideal forum where academics, industrial researchers, and practitioners can present their latest approaches for ensuring the quality of today

  • 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation (ICST)

    This conference is a premier conference in all areas related to software quality, including testing, inspection

  • 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation (ICST)

    ICST seeks to address the problems in verification and validation, by bringing together researchers and practitioners for a conference that includes all aspects of software testing, as it is most widely construed. Thus, ICST welcomes research papers as well as industrial experience reports from software development and testing practitioners.

  • 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST)

    ICST is the premier conference in all areas related to software quality, software quality assurance, software validation and verification, and software testing.

  • 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation (ICST)

    Testing, verification and validation activities are already flourishing areas with an active participation of a large community of researchers, experts, and industrialists. This community is highly aware of the importance and impact of testing on the future deployment and use of software and software intensive systems. As a leading software testing and verification & validation conference, ICST has been very successful in bringing industry and research together to help shape the future of testing.

  • 2010 3rd IEEE International Conference on Software Testing, Verification and Validation (ICST)

    ICST brings industry and research together to help shape the future of software testing.

  • 2009 2nd IEEE International Conference on Software Testing, Verification and Validation (ICST)

    ICST is the premier conference in all areas related to software quality. ICST bridges research and practice with tracks for research and industry papers, student papers, fast abstracts, and specialized workshops.

  • 2008 1st IEEE International Conference on Software Testing, Verification and Validation (ICST)

    The new IEEE International Conference on Software Testing Verification and Validation (ICST) will offer an open forum for software testing, verification and validation research and its transfer to practice. Among other things, it aims at stimulating scientific research on model-based software testing, domain specific testing, empirical studies of testing techniques, and the technology transfer of research results to software development practices.


2019 21st International Conference on Advanced Communication Technology (ICACT)

With technically co-sponsored by IEEE ComSoc(Communications Society), IEEE ComSoc CISTC(Communications & Information Security Technical Community), and IEEE ComSoc ONTC(Optical Networking Technical Community), the ICACT(International Conference on Advanced Communications Technology) Conference has been providing an open forum for scholars, researchers, and engineers to the extensive exchange of information on newly emerging technologies, standards, services, and applications in the area of the advanced communications technology. The conference official language is English. All the presented papers have been published in the Conference Proceedings, and posted on the ICACT Website and IEEE Xplore Digital Library since 2004. The honorable ICACT Out-Standing Paper Award list has been posted on the IEEE Xplore Digital Library also, and all the Out-Standing papers are subjected to the invited paper of the "ICACT Transactions on the Advanced Communications Technology" Journal issued by GIRI

  • 2018 20th International Conference on Advanced Communication Technology (ICACT)

    With technically co-sponsored by IEEE ComSoc(Communications Society), IEEE ComSoc CISTC(Communications & Information Security Technical Community), and IEEE ComSoc ONTC(Optical Networking Technical Community), the ICACT(International Conference on Advanced Communications Technology) Conference has been providing an open forum for scholars, researchers, and engineers to the extensive exchange of information on newly emerging technologies, standards, services, and applications in the area of the advanced communications technology. The conference official language is English. All the presented papers have been published in the Conference Proceedings, and posted on the ICACT Website and IEEE Xplore Digital Library since 2004. The honorable ICACT Out-Standing Paper Award list has been posted on the IEEE Xplore Digital Library also, and all the Out-Standing papers are subjected to the invited paper of the "ICACT Transactions on the Advanced Communications Technology" Journal issued by GIRI

  • 2017 19th International Conference on Advanced Communication Technology (ICACT)

    With technically co-sponsored by IEEE ComSoc(Communications Society), IEEE ComSoc CISTC(Communications & Information Security Technical Community), and IEEE ComSoc ONTC(Optical Networking Technical Community), the ICACT(International Conference on Advanced Communications Technology) Conference has been providing an open forum for scholars, researchers, and engineers to the extensive exchange of information on newly emerging technologies, standards, services, and applications in the area of the advanced communications technology. The conference official language is English. All the presented papers have been published in the Conference Proceedings, and posted on the ICACT Website and IEEE Xplore Digital Library since 2004. The honorable ICACT Out-Standing Paper Award list has been posted on the IEEE Xplore Digital Library also, and all the Out-Standing papers are subjected to the invited paper of the "ICACT Transactions on the Advanced Communications Technology" Journal issued by

  • 2016 18th International Conference on Advanced Communication Technology (ICACT)

    With technically co-sponsored by IEEE ComSoc(Communications Society), IEEE ComSoc CISTC(Communications & Information Security Technical Community), and IEEE ComSoc ONTC(Optical Networking Technical Community), the ICACT(International Conference on Advanced Communications Technology) Conference has been providing an open forum for scholars, researchers, and engineers to the extensive exchange of information on newly emerging technologies, standards, services, and applications in the area of the advanced communications technology. The conference official language is English. All the presented papers have been published in the Conference Proceedings, and posted on the ICACT Website and IEEE Xplore Digital Library since 2004. The honorable ICACT Out-Standing Paper Award list has been posted on the IEEE Xplore Digital Library also, and all the Out-Standing papers are subjected to the invited paper of the "ICACT Transactions on the Advanced Communications Technology" Journal issued by GiRI.

  • 2015 17th International Conference on Advanced Communication Technology (ICACT)

    With technically co-sponsored by IEEE ComSoc(Communications Society), IEEE ComSoc CISTC(Communications & Information Security Technical Community), and IEEE ComSoc ONTC(Optical Networking Technical Community), the ICACT(International Conference on Advanced Communications Technology) Conference has been providing an open forum for scholars, researchers, and engineers to the extensive exchange of information on newly emerging technologies, standards, services, and applications in the area of the advanced communications technology. The conference official language is English. All the presented papers have been published in the Conference Proceedings, and posted on the ICACT Website and IEEE Xplore Digital Library since 2004. The honorable ICACT Out-Standing Paper Award list has been posted on the IEEE Xplore Digital Library also, and all the Out-Standing papers are subjected to the invited paper of the "ICACT Transactions on the Advanced Communications Technology" Journal issued by GiRI.

  • 2014 16th International Conference on Advanced Communication Technology (ICACT)

    Technology, service, architecture, strategy, and policy in newly emerging system, standard, service, and variety of application on the area of telecommunications. ICACT 2014 provides an open forum for scholar, researcher, engineer, policy maker, network planner, and service provider in the advanced communication technologies.

  • 2013 15th International Conference on Advanced Communication Technology (ICACT)

    Technology, standard, service, architecture, strategy, and policy in newly emerging systems and a variety of applications in the area of communications. ICACT2013 provides an open forum for scholar, researcher, engineer, policy maker, network planner, and service provider in the advanced communications technologies.

  • 2012 14th International Conference on Advanced Communication Technology (ICACT)

    Technology, service, architecture, strategy, and policy in newly emerging systems, standards, service, and a variety of applications in the area of telecommunications. ICACT 2012 provides an open forum for scholars, researchers, engineers, policy makers, network planners, and service providers in the advanced communication technologies.

  • 2011 13th International Conference on Advanced Communication Technology (ICACT)

    International Conference on Advanced Communication Technology (ICACT) provides an open forum for researchers, engineers, policy, network planners, and service providers in the advanced communication technologies. Extensive exchange of information will be provided on newly emerging systems, standards, services, and variety of applications on the area of telecommunications.

  • 2010 12th International Conference on Advanced Communication Technology (ICACT)

    ICACT is an annual conference providing an open forum for researchers, engineers, network planners, and service providers in telecommunications. Extensive exchange of information will be provided on newly emerging systems, standards, services, and variety of applications in the area of telecommunications.

  • 2009 11th International Conference on Advanced Communication Technology (ICACT)

    ICACT is an annual conference providing an open forum for researchers, engineers, network planners, and service providers in telecommunications. Extensive exchange of information will be provided on newly emerging systems, standards, services, and variety of applications in the area of telecommunications.

  • 2008 10th International Conference Advanced Communication Technology (ICACT)

  • 2007 9th International Conference Advanced Communication Technology (ICACT)

  • 2006 8th International Conference Advanced Communication Technology (ICACT)

  • 2005 7th International Conference Advanced Communication Technology (ICACT)

  • 2004 6th International Conference Advanced Communication Technology (ICACT)



Periodicals related to Cross-site Scripting


Computer

Computer, the flagship publication of the IEEE Computer Society, publishes peer-reviewed technical content that covers all aspects of computer science, computer engineering, technology, and applications. Computer is a resource that practitioners, researchers, and managers can rely on to provide timely information about current research developments, trends, best practices, and changes in the profession.


Dependable and Secure Computing, IEEE Transactions on

The purpose of TDSC is to publish papers in dependability and security, including the joint consideration of these issues and their interplay with system performance. These areas include but are not limited to: System Design: architecture for secure and fault-tolerant systems; trusted/survivable computing; intrusion and error tolerance, detection and recovery; fault- and intrusion-tolerant middleware; firewall and network technologies; system management ...


Information Forensics and Security, IEEE Transactions on

Research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features.


Latin America Transactions, IEEE (Revista IEEE America Latina)

The IEEE Region 9 is releasing the IEEE Latin America Transactions to enable the publication of non-published and technically excellent papers from Latin American engineers, in Spanish or Portuguese languages. Engineers and researchers from Portugal and Spain (and other countries with the same language) are also very welcome to submit their proposals.


Security & Privacy, IEEE

IEEE Security & Privacy seeks to stimulate and track advances in security, privacy, and dependability and present these advances for a broad cross-section of academic researchers and industry practitioners. IEEE Security & Privacy aims to provide a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of security and dependability of computer-based systems, including legal ...



Xplore Articles related to Cross-site Scripting


Reducing attack surface corresponding to Type 1 cross-site scripting attacks using secure development life cycle practices

2018 Fourth International Conference on Advances in Electrical, Electronics, Information, Communication and Bio-Informatics (AEEICB), 2018

While because the range of web users have increased exponentially, thus has the quantity of attacks that decide to use it for malicious functions. The vulnerability that has become usually exploited is thought as cross-site scripting (XSS). Cross-site Scripting (XSS) refers to client-side code injection attack whereby a malicious user will execute malicious scripts (also usually stated as a malicious ...


Attacks on Web Application Caused by Cross Site Scripting

2018 Second International Conference on Electronics, Communication and Aerospace Technology (ICECA), 2018

Cross Site Scripting (XSS) Attacks are as of now the most well known security issues in current web applications. The attacks which we are using will make use of vulnerabilities in the web applications. Cross-Site scripting (XSS) Attacks happen while getting to data in middle of the data transfer. Web proxy is used as one solution on client-side. Cross Site ...


Defending against common cyber attacks: Phishing and cross-site scripting

2018 International Symposium on Programming and Systems (ISPS), 2018

Social engineering is a very common method of deceiving people in the Cyberspace. Phishing is one of the most common attacks that the social engineers use to trick the users to reveal their confidential information. While various types of security schemes and Intrusion Detection Systems (IDSs) may be employed to mitigate other types of cyber-attacks, phishing cannot be thwarted only ...


A proposed approach for preventing cross-site scripting

2018 6th International Symposium on Digital Forensic and Security (ISDFS), 2018

In this paper, the great threat Cross-Site Scripting (XSS) is introduced that faced with the web pages. Because of the impacts of such web threats during design and developing web pages, web developers must be aware and have adequate knowledge about various types of web attacks and how to prevent or mitigate them. Web developers should have knowledge about how ...


Model Checking for the Defense against Cross-Site Scripting Attacks

2012 International Conference on Computer Science and Service System, 2012

The scripting languages (mostly JavaScript) have been widely used in the network application, for the sake of improvement of the user experience. This makes Cross-Site Scripting (XSS) attacks one of the most serious threats to Internet. A model checking method for the defense against cross-site scripting attacks is proposed in the paper. Bugs of the e-commercial website are found ...



Educational Resources on Cross-site Scripting


IEEE-USA E-Books

  • Reducing attack surface corresponding to Type 1 cross-site scripting attacks using secure development life cycle practices

    While because the range of web users have increased exponentially, thus has the quantity of attacks that decide to use it for malicious functions. The vulnerability that has become usually exploited is thought as cross-site scripting (XSS). Cross-site Scripting (XSS) refers to client-side code injection attack whereby a malicious user will execute malicious scripts (also usually stated as a malicious payload) into a legitimate web site or web based application. XSS is amongst the foremost rampant of web based application vulnerabilities and happens once an internet based application makes use of un-validated or un-encoded user input at intervals the output it generates. In such instances, the victim is unaware that their data is being transferred from a website that he/she trusts to a different site controlled by the malicious user. In this paper we shall focus on type 1 or "non-persistent cross-site scripting". With non-persistent cross-site scripting, malicious code or script is embedded in a Web request, and then partially or entirely echoed (or "reflected") by the Web server without encoding or validation in the Web response. The malicious code or script is then executed in the client's Web browser which could lead to several negative outcomes, such as the theft of session data and accessing sensitive data within cookies. In order for this type of cross-site scripting to be successful, a malicious user must coerce a user into clicking a link that triggers the non-persistent cross-site scripting attack. This is usually done through an email that encourages the user to click on a provided malicious link, or to visit a web site that is fraught with malicious links. In this paper it will be discussed and elaborated as to how attack surfaces related to type 1 or "non-persistent cross-site scripting" attack shall be reduced using secure development life cycle practices and techniques.

  • Attacks on Web Application Caused by Cross Site Scripting

    Cross Site Scripting (XSS) Attacks are as of now the most well known security issues in current web applications. The attacks which we are using will make use of vulnerabilities in the web applications. Cross-Site scripting (XSS) Attacks happen while getting to data in middle of the data transfer. Web proxy is used as one solution on client-side. Cross Site Scripting (XSS) Attacks are anything but difficult to find and detect, yet hard to distinguish and counteract. This paper gives customer side answer for relieve cross site scripting Attacks. The client system performance is decreased which result in poor web surfing background. In this undertaking gives a customer side arrangement that uses a well ordered way to deal with ensure cross website scripting, without corrupting much the client's web perusing knowledge. Attackers accesses and manipulates the control system networks by using cross-site scripting. It exploits Web servers that arrival progressively produced Web pages or enable clients to post distinguishable substance.

  • Defending against common cyber attacks: Phishing and cross-site scripting

    Social engineering is a very common method of deceiving people in the Cyberspace. Phishing is one of the most common attacks that the social engineers use to trick the users to reveal their confidential information. While various types of security schemes and Intrusion Detection Systems (IDSs) may be employed to mitigate other types of cyber-attacks, phishing cannot be thwarted only by using those, even if the techniques are sophisticated. This is because, often the human mistakes are involved in the process of leakage of confidential data and information. Hence, awareness of the issue and controlled cyber behavior would be key to defending against phishing type attack. Another cyber-attack, Cross-Site Scripting (XSS) could also be tackled efficiently by using some Content Security Policy (CSP) which would work alongside the traditionally used security and defense mechanisms. The purpose of this talk is to share some research findings in these and relevant areas. Also, some information would be shared for the general readers of the topic. We would like to explore how the major portion of these types of attacks could be thwarted or mitigated just by observing some precautions while interacting in the Cyberspace.

  • A proposed approach for preventing cross-site scripting

    In this paper, the great threat Cross-Site Scripting (XSS) is introduced that faced with the web pages. Because of the impacts of such web threats during design and developing web pages, web developers must be aware and have adequate knowledge about various types of web attacks and how to prevent or mitigate them. Web developers should have knowledge about how attackers attack websites and exploit weak points on websites during filling forms, registering and opening suspicious links or attachments in emails. The importance of this subject is to provide great details and information about identifying impacting and protecting from these types of web threats. It aims to provide both web developers and users with enough knowledge while developing and using websites to prevent from such attacks and reduce them. In this paper use PHP's functions to evaluate the efficiency of web pages for implementing it and to prevent XSS attack.

  • Model Checking for the Defense against Cross-Site Scripting Attacks

    Scripting languages (mostly JavaScript) have been widely used in network applications to improve the user experience. This makes Cross-Site Scripting (XSS) attacks one of the most serious threats to the Internet. A model checking method for the defense against cross-site scripting attacks is proposed in the paper. Bugs of the e-commercial website are found and counterexamples are shown by model checking. An operation behavior is judged on whether it conforms to the requirements of the website for legal behavior, so as to prevent XSS attacks from the point of operation. The automatic modeling algorithm for the HTML code is proposed and the case of the performance of the algorithm is presented.

  • Cross site scripting (XSS) attack detection using intrustion detection system

    Everyone now relies on the Internet for innumerable kinds of work; this has increased the opportunity for attackers to corrupt data and make it vulnerable. Nowadays diverse kinds of attacks are being launched in cyberspace, among which Cross-Site Scripting (Web Application Attack) is amongst the top attacks of all time. The proposed work suggests an outline for a system that can detect Cross-Site Scripting (known as XSS) attacks using an Intrusion Detection System (IDS). This work focuses on the detection of XSS attacks using an intrusion detection system. Here an attack signature is utilized to detect XSS attacks. To test the usefulness and effectiveness of the proposed work, a proof of concept prototype has been implemented using SNORT IDS. It is observed that the proposed system correctly detected XSS attacks.

  • A context-sensitive approach for precise detection of cross-site scripting vulnerabilities

    Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious users to steal sensitive information, install malware, and perform various malicious operations. Researchers have proposed various approaches and developed tools to detect XSS vulnerabilities from the source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose a taint analysis and defensive programming based HTML context-sensitive approach for precise detection of XSS vulnerabilities from the source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that the proposed approach is more efficient than existing ones.

  • ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities

    The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting (XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results show that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.

  • A mapping-based podel for preventing Cross site scripting and sql injection attacks on web application and its impact analysis

    Web applications provide a vast category of functionalities and usefulness. As more and more sensitive data is available over the web, crackers are getting attracted to such data, revealing which can root immense harm. SQL injection is one such type of attack. This attack can be used to infiltrate the back-end of any web application, which may lead to modification of the database or disclosure of significant information. An attacker can obfuscate the input given to the web application using a Cross site scripting attack that may direct to distortion in the web page view. Three tier web applications can be categorized into static and dynamic web applications for detecting and preventing these types of attacks. A mapping model in which requests are mapped on generated queries can be used productively to detect such kinds of attacks, and prevention logic can be applied for attack removal. The impact measurement of the container based approach on the web server is measured using the autobench tool; the parameters used are network throughput and response time.

  • Payload recognition and detection of Cross Site Scripting attack

    Web applications have become the leading solution for the utilization of systems that need to be globally accessible, distributed and cost-effective, as well as for the diversity of the content that can run on this technology. At the same time, web application security has always been a major issue that must be considered due to the fact that 60% of Internet attacks target the web application platform. One of the biggest impacts on this technology is the Cross Site Scripting (XSS) attack, which occurs most frequently and is always in the Top 10 list of the Open Web Application Security Project (OWASP). Vulnerabilities in this attack occur in the absence of checking, testing, and attention to secure coding practices. There are several alternatives to prevent the attacks associated with this threat. A Network Intrusion Detection System can be used as one solution to prevent the influence of XSS attacks. This paper investigates XSS attack recognition and detection using regular expression pattern matching and a preprocessing method. Experiments are conducted on a testbed with the aim to reveal the behaviour of the attack.



Standards related to Cross-site Scripting

No standards are currently tagged "Cross-site Scripting"


Jobs related to Cross-site Scripting
