Visible to the public Biblio

Filters: Keyword is cross site scripting attack  [Clear All Filters]
2017-04-20
Ambedkar, M. Dayal, Ambedkar, N. S., Raw, R. S..  2016.  A comprehensive inspection of cross site scripting attack. 2016 International Conference on Computing, Communication and Automation (ICCCA). :497–502.
Cross Site Scripting attack (XSS) is the computer security threat which allows the attacker to get access over the sensitive information, when the javaScript, VBScript, ActiveX, Flash or HTML which is embedded in the malicious XSS link gets executed. In this paper, we authors have discussed about various impacts of XSS, types of XSS, checked whether the site is vulnerable towards the XSS or not, discussed about various tools for examining the XSS vulnerability and summarizes the preventive measures against XSS.
Murtaza, S. M., Abid, A. S..  2016.  Automated white-list learning technique for detection of malicious attack on web application. 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :416–420.

Web application security has become crucially vital these days. Earlier "default allow" model was used to secure web applications but it was unable to secure web applications against plethora of attacks [1]. In contrast, more restricted security to the web applications is provided by default deny model which at first, builds a model for the particular application and then permits merely those requests that conform to that model while ignoring everything else. Besides this, a novel and effective methodology is followed that allows to analyze the validity of application requests and further results in the generation of semi structured XML cases for the web applications. Furthermore, mature and resilient XML cases are generated by employing learning techniques. This system will further be gauged by examining that XML file containing cases are in correct accordance with the XML format or not. Moreover, the distinction between malicious and non-malicious traffic is carried out carefully. Results have proved its efficacy of rule generation employing access traffic log of cross site scripting (XSS), SQL injection, HTTP Request Splitting, HTTP response splitting and Buffer overflow attacks.