Paper Title
A Review on Cross Site Scripting Vulnerability and Analysis of their Detection and Prevention Techniques
Abstract
Cross Site Scripting (XSS) is one of the most prevalent web application security issues. It occurs when an application
sends user-provided data to the web browser without validating or encoding that content. XSS flaws occur whenever an
application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers
to execute scripts in the victim's browser, which can hijack user sessions, deface web sites, or redirect the user to
malicious sites. In this technique hackers execute an embedded malicious script on the client machine. The executed script
could have the capability of reading, modifying or transmitting sensitive data. Thus it lets an attacker execute script in
the victim's browser to hijack user sessions, deface web sites, insert hostile content, conduct phishing attacks, and take
over the user's browser. Mainly the sites that reflect user inputs back without validating the contents are prone to such
attacks. The code containing the malicious script is usually written in HTML/JavaScript, but may also extend to VBScript,
ActiveX, Java, Flash, or any other browser-supported technology. All web application frameworks are vulnerable to this kind
of attack. The vulnerability exists in applications only because the SDLC (Software Development Life Cycle) process is not
followed, secure techniques and guidelines are not used, quality assessments are not done, and there is a lack of
awareness of the latest threats and vulnerabilities.
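The reflection flaw the abstract describes, shown as an added example (not code from the paper): the same response template rendered once with the user input copied verbatim and once with it HTML-encoded for the text context, plus a small check that flags tags not present in the template. Function names, the template and the sample input are assumptions.

```javascript
// Added example, not from the paper: reflected output with and without HTML
// encoding. The template, function names and sample input are assumptions.

// Encode the five characters that let text break out of an HTML text node or
// quoted attribute value. This is context-specific: it is correct for the HTML
// body and quoted-attribute contexts, not for JavaScript, URL or CSS contexts.
function htmlEncode(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  })[ch]);
}

// Vulnerable pattern from the abstract: user input is copied into the
// response unchanged, so any markup in it becomes part of the page.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened form: the same template with the input encoded for the text context.
function renderSearchSafe(query) {
  return `<p>Results for: ${htmlEncode(query)}</p>`;
}

// Check a test suite can run over rendered output: does the page contain any
// tag that did not come from the template itself?
function containsInjectedTag(html, templateTags) {
  const tags = (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).map((t) => t.toLowerCase());
  return tags.some((t) => !templateTags.includes(t));
}

// Constructed sample input: the textbook reflected-XSS probe string.
const SAMPLE = '<script>alert(1)</script>';
const TEMPLATE_TAGS = ['<p>', '</p>'];

function demo() {
  const unsafe = renderSearchUnsafe(SAMPLE);
  const safe = renderSearchSafe(SAMPLE);
  return {
    unsafeInjected: containsInjectedTag(unsafe, TEMPLATE_TAGS), // true
    safeInjected: containsInjectedTag(safe, TEMPLATE_TAGS),     // false
    safeHtml: safe,
  };
}
```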
Index terms - XSS - Cross Site Scripting, OWASP - Open Web Application Security Project, SQL - Structured
Query Language, WAF - Web Application Firewall, WASC - Web Application Source Code, DOM - Document Object Model,
Web Application, Detection and Prevention Techniques.