Summary, etc |
The growing number of security problems in today’s Web applications is caused by injected code, with cross-site scripting (XSS) attacks being the most common and dangerous web application attacks through the second millennium, with a drastic crumbling effect on popular sites like Facebook, Samsung, Apple, eBay, Amazon, etc. It is challenging for Web applications to completely eradicate these vulnerabilities because it is difficult to properly sanitize all the user input sent to them. These vulnerabilities are often not detected and fixed in time, leaving users exposed to numerous attacks and theft of personal information. This work discusses XSS, its types, and its detection and prevention mechanisms, and presents a detection framework built on a hybrid mechanism using Dynamic Analysis and Fuzzy Inference to detect these vulnerabilities in web applications so that effective solutions can be found. First, the detection system scans the website to discover potential injection points. Second, it generates attack vectors, injects them, and sends them as HTTP requests to the web application. Lastly, it scans the HTTP response for the presence of the attack vectors. The detection capability of our detection system is evaluated on real-world web applications, and the desired results were obtained. |