| 000 | 01803nam a22001457a 4500 | ||
|---|---|---|---|
| 008 | 210802b ||||| |||| 00| 0 eng d | ||
| 100 |
_aNTUK, Anderson Emmanuel _98492 |
||
| 245 | _aA DETECTION OF CROSS-SITE SCRIPTING ATTACK USING DYNAMIC ANALYSIS AND FUZZY INFERENCE SYSTEM | ||
| 250 | _aMr. O . J. Falana | ||
| 260 |
_aIbafo _bComputer science and Mathematics _c2019 |
||
| 300 |
_aix; 70 _bdia, tables |
||
| 520 | _aThe rising population of security problems today’s Web applications is caused by injected codes, with cross-site scripting (XSS) attacks being the most common and dangerous web application attacks through the second millennium, with its drastic crumbling effect on popular sites like Facebook, Samsung, Apple, E-bay, Amazon etc. It is challenging for Web applications to completely eradicate the vulnerabilities because of its difficulty to properly sanitize all the user inputs sent to it. It is often the case that these vulnerabilities are not detected on time and fixed leaving users to be exposed to numerous attacks and thefts of personal information. This work discusses on the various XSS, its types, its detection and prevention mechanisms, and presents a detection framework built by a hybrid mechanism using Dynamic Analysis and Fuzzy Inference to detect these vulnerabilities in web applications for effective solutions to be met. Firstly, the detection systems scans website for discovering potential points for injections. Secondly, generates attack vectors and injects and is sent as HTTP request to web application. Lastly scans the HTTP response for presence of Attack vectors. Detection capability of our detection system is evaluated on real world web applications and desired results were obtained | ||
| 650 |
_aComputer Science _91105 |
||
| 942 | _cTHS | ||
| 999 |
_c5963 _d5963 |
||