Abstract

Securing the web application against hacking is a big challenge. One of the common types of hacking techniques to attack the web application is cross-site scripting (XSS). Cross-site scripting vulnerabilities are being exploited by the attackers to steal web browser’s resources, such as cookies, credentials, etc., by injecting the malicious JavaScript code on the victim's web applications. Since Web browsers support the execution of commands embedded in Web pages to enable dynamic Web pages, attackers can make use of this feature to enforce the execution of malicious code in a user's Web browser. The analysis of detection and prevention of cross-site scripting (XSS) helps to avoid this type of attack. We describe a technique to detect and prevent this kind of manipulation and hence eliminate cross-site scripting attacks. Keywords: cross-side scripting; web security; XSS attacks; detection