Prof. Jayanthkumar A Rathod, Darshan S Gowda, Kartik M, Paresh Talekar, Nagaraj Daddi, Ashwini Bhairanallikar, Gousiya G
Journal: International Journal of Advanced Research in Science, Communication and Technology (volume: 51 6)
Publication date: 2024-07-25
Publication type: Journal Article
DOI: 10.48175/ijarsct-19230 (https://doi.org/10.48175/ijarsct-19230)
The Cross-Site Scripting (XSS) Attack: A Comprehensive Review
Cross-site scripting (XSS) is a critical threat to web applications, involving the insertion of malicious code to compromise user trust and extract sensitive information. This paper presents a comprehensive review of various XSS attack types, including Reflected, Persistent, DOM-based, Blind XSS, and Self-XSS. It discusses prevention and remediation strategies such as secure development practices, data assessment, content filtering, encoding, and the use of web application firewalls and security tools like Cloudflare and Zscaler. Despite advancements, XSS vulnerabilities persist due to inadequate security measures during development. The paper emphasizes the need for robust security plans and introduces Sanctum's App-Scan as an example of an effective security measure. Lastly, it underscores the importance of understanding and addressing the diverse forms of XSS attacks to ensure comprehensive internet security.