Advanced Approach on XSSDS Technique
S. Tuza, Shatha Alarabi, Sara Alamri, Dr. Nisreen Innab
2018 21st Saudi Computer Society National Computer Conference (NCC), published 2018-04-25
DOI: https://doi.org/10.1109/NCG.2018.8593178
Citations: 1
Abstract
Developing web applications requires a range of technologies, the most common being HTML, XHTML and JavaScript. Vulnerabilities in these technologies give rise to many attacks on web applications. The most important and common of these is the cross-site scripting (XSS) attack, a code injection attack that allows the attacker to execute a malicious script in another user's browser. Once the attacker gains control, he can perform actions such as session hijacking, malware spreading, cookie stealing and malicious redirection by embedding scripts in a web page that are executed whenever the page is loaded. In this paper, we explore the different types of XSS attack and their impact on both the server and the client side. We then select three server-side detection techniques, addressing how each technique works and its main weaknesses, and choose one of them, XSSDS, for which we provide an advanced approach that could cover its weaknesses.