Cross Site Scripting: Investigations in PHP Web Application

Web applications are now considered one of the common platforms to represent data and conducting service releases throughout the World Wide Web. A number of the most commonly utilised frameworks for web applications are written in PHP. They became main targets because a vast number of servers are running these applications throughout the world. This increase in web application utilisation has made it more attractive to both users and hackers. According to the latest web security reports and research, cross site scripting (XSS) is the most popular vulnerability in PHP web application. XSS is considered an injection type of attack, which results in the theft of sensitive data, cookies, and sessions. Several tools and approaches have focused on detecting this kind of vulnerability in PHP source code. However, it is still a current problem in PHP web applications. This paper describes the popularity of PHP technology among other technologies, and highlight the approaches used to detect the most common vulnerabilities on PHP web applications, which is XSS. In addition, the discussion and the conclusion with future direction of research within this domain are highlighted.