XSS Attack and Countermeasure: Survey

XSS Attacks and Countermeasures (translated Korean title)

  • Hong, Sunghyuck (Baekseok University, Division of Information and Communication, Information Security major)
  • Received : 2013.10.15
  • Accepted : 2013.12.20
  • Published : 2013.12.28

Abstract

XSS (cross-site scripting) is an attack in which the attacker is able to run a script in another party's browser. It makes it possible to hijack user sessions, deface web sites, insert malicious content, and carry out phishing attacks. XSS attacks fall into two types: stored XSS and reflected XSS. Forms of XSS attack include cookie sniffing, script encryption and bypass, malicious code distribution, key loggers, mouse sniffers, and insertion of false information. XSS attacks are carried out with scripting languages. Therefore, countermeasures against XSS are presented and proposed to improve web security.

Keywords

XSS; Script; Information Security; Web; URL
