Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing

IF 1.8 4区计算机科学 Q3 TELECOMMUNICATIONS

Annals of Telecommunications Pub Date : 2024-04-18 DOI:10.1007/s12243-024-01022-8

Germán Rodríguez-Galán, Jenny Torres

{"title":"Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing","authors":"Germán Rodríguez-Galán, Jenny Torres","doi":"10.1007/s12243-024-01022-8","DOIUrl":null,"url":null,"abstract":"<p>Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.</p>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"38 1","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2024-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12243-024-01022-8","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.

Abstract Image

查看原文本刊更多论文

个人数据过滤：比较网络应用程序中 XSS 攻击与 Cookie 窃取有效性的系统性文献综述

跨站脚本（XSS）攻击通过窃取 cookie 来泄露个人信息，对网络应用程序的安全性构成重大威胁。本研究调查了针对网站的XSS攻击与旨在窃取cookie以泄露个人信息的XSS攻击之间的关系。本研究进行了系统的文献综述，分析了 2018 年至 2023 年的 96 篇科学文章。针对检测漏洞或缓解XSS攻击的方法和工具、窃取cookie的技术以及通过窃取cookie泄露个人信息的趋势，提出了三个互补的研究问题。Rayyan Intelligent Systematic Literature、Atlas.ti 和 Research Rabbit 工具利用 IEEE Digital Xplore、ACM Digital Library、Springer Link、Web of Science 和 Mendeley 等资源为我们的分析提供了支持。使用 Research Rabbit 工具采用了滚雪球技术，以查找相关文章，避免参数和出版物不一致，并降低偏差风险。对网站的 XSS 攻击与通过 XSS 攻击窃取 cookie 的比例为 5:1。因此，必须坚持不懈地研究和引入新方法或工具来解决这一问题，并提供更好的保护，防止通过 XSS 攻击劫持 cookie。研究缺口在于了解通过 XSS 攻击窃取 cookie 是如何过滤我们的个人信息的。需要开展更多研究来填补这一空白，并开发新型技术或工具，让最终用户了解他们的个人信息是如何通过 XSS 攻击窃取 cookie 而泄露的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Annals of Telecommunications 工程技术-电信学

CiteScore

5.20

自引率

5.30%

发文量

审稿时长

4.5 months

期刊介绍： Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.