Name
Abstract | ||
|---|---|---|
As web applications become more prevalent, web security becomes more and more important. Cross-site scripting vulnerability abbreviated as XSS is a kind of common injection web vulnerability. The exploitation of XSS vulnerabilities can hijack users' sessions, modify, read and delete business data of web applications, place malicious codes in web applications, and control victims to attack other targeted servers. This paper discusses classification of XSS, and designs a demo website to demonstrate attack processes of common XSS exploitation scenarios. The paper also compares and analyzes recent research results on XSS detection, divides them into three categories according to different mechanisms. The three categories are static analysis methods, dynamic analysis methods and hybrid analysis methods. The paper classifies 30 detection methods into above three categories, makes overall comparative analysis among them, lists their strengths and weaknesses and detected XSS vulnerability types. In the end, the paper explores some ways to prevent XSS vulnerabilities from being exploited. |
Year | DOI | Venue |
|---|---|---|
2019 | 10.1109/ACCESS.2019.2960449 | IEEE ACCESS |
Keywords | DocType | Volume |
Vulnerability detection, vulnerability exploitation, web security, XSS | Journal | 7 |
ISSN | Citations | PageRank |
2169-3536 | 0 | 0.34 |
References | Authors | |
0 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Miao Liu | 1 | 32 | 11.69 |
| Boyu Zhang | 2 | 0 | 0.34 |
| Wenbin Chen | 3 | 49 | 1.63 |
| Xunlai Zhang | 4 | 0 | 0.34 |