A DETECTION OF CROSS-SITE SCRIPTING ATTACK USING DYNAMIC ANALYSIS AND FUZZY INFERENCE SYSTEM
Material type:
TextPublisher: Ibafo Computer science and Mathematics 2019Edition: Mr. O . J. FalanaDescription: ix; 70 dia, tablesSubject(s): Computer ScienceSummary: The rising population of security problems today’s Web applications is caused by injected
codes, with cross-site scripting (XSS) attacks being the most common and dangerous web
application attacks through the second millennium, with its drastic crumbling effect on popular
sites like Facebook, Samsung, Apple, E-bay, Amazon etc. It is challenging for Web
applications to completely eradicate the vulnerabilities because of its difficulty to properly
sanitize all the user inputs sent to it. It is often the case that these vulnerabilities are not detected
on time and fixed leaving users to be exposed to numerous attacks and thefts of personal
information. This work discusses on the various XSS, its types, its detection and prevention
mechanisms, and presents a detection framework built by a hybrid mechanism using Dynamic
Analysis and Fuzzy Inference to detect these vulnerabilities in web applications for effective
solutions to be met. Firstly, the detection systems scans website for discovering potential points
for injections. Secondly, generates attack vectors and injects and is sent as HTTP request to
web application. Lastly scans the HTTP response for presence of Attack vectors. Detection
capability of our detection system is evaluated on real world web applications and desired
results were obtained
| Current location | Call number | Status | Date due | Barcode | Item holds |
|---|---|---|---|---|---|
| Main Library Reference | Not for loan | 15010301023 |
The rising population of security problems today’s Web applications is caused by injected
codes, with cross-site scripting (XSS) attacks being the most common and dangerous web
application attacks through the second millennium, with its drastic crumbling effect on popular
sites like Facebook, Samsung, Apple, E-bay, Amazon etc. It is challenging for Web
applications to completely eradicate the vulnerabilities because of its difficulty to properly
sanitize all the user inputs sent to it. It is often the case that these vulnerabilities are not detected
on time and fixed leaving users to be exposed to numerous attacks and thefts of personal
information. This work discusses on the various XSS, its types, its detection and prevention
mechanisms, and presents a detection framework built by a hybrid mechanism using Dynamic
Analysis and Fuzzy Inference to detect these vulnerabilities in web applications for effective
solutions to be met. Firstly, the detection systems scans website for discovering potential points
for injections. Secondly, generates attack vectors and injects and is sent as HTTP request to
web application. Lastly scans the HTTP response for presence of Attack vectors. Detection
capability of our detection system is evaluated on real world web applications and desired
results were obtained
There are no comments on this title.