Research On XSS Detection System Based On ISR

Posted on: 2015-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: J Huang
Full Text: PDF
GTID: 2298330434966071
Subject: Computer application technology

Abstract/Summary:
As the Internet becomes the predominant medium of communication and commerce, the number of Web applications providing day-to-day services such as shopping, banking and entertainment keeps growing. At the same time, most of these applications contain vulnerabilities that are discovered and exploited at an alarming rate. Cross-Site Scripting (XSS) is widely regarded by researchers and industry experts as the most prevalent Web application vulnerability.

The natural and simple way of developing Web applications is prone to XSS as well as to other vulnerabilities. In response, various tools have been developed over the years to mitigate common Web application vulnerabilities. However, existing techniques, including some of the emerging defense trends, suffer from practical drawbacks such as infeasible deployment, performance overhead and unacceptable inaccuracy rates. Ideally, a reliable, efficient and configurable server-side tool should be available to protect any organisation against the evolving threat of XSS without requiring modifications to existing code.

In this research work a detailed profile of XSS is created, illustrating the sources, causes, impact and subtleties of XSS attacks. New attack categories are identified and emerging defense trends are introduced. Tools, methods and processes used by real-world attackers to evade current Web defense mechanisms are discussed and applied to both real and hypothetical 'semi-real' instances. Past, present and emerging protection solutions are assessed and categorized according to their deployment point and according to other dimensions extracted after examining, and reflecting upon, the vast and disparate body of existing literature on the subject.

Finally, a set of design principles based on software engineering, secure coding and firewall theory is derived. A framework embodying these principles is then assembled to protect enterprise resources with performance, accuracy and practicality in mind. The framework was instantiated using the Aspect-Oriented Programming (AOP) paradigm and open-source technologies. As planned, and without any additional tuning effort, all test injection attacks were mitigated successfully and efficiently without breaking the functionality of the evaluated Web application.
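The server-side interception approach the abstract describes (a wrapper that protects an application without changing its code) can be illustrated with a minimal reflected-XSS detector. The following is an added example written for this page, not code from the thesis, whose implementation is not shown here. It uses a Python WSGI middleware in place of an AOP advice, a constructed vulnerable application, and a hypothetical heuristic rule set; it checks whether a request parameter carrying script-capable markup is reflected verbatim into an HTML response, logs the event and HTML-escapes the reflected fragment before it reaches the client.

```python
"""Added example: server-side interception of reflected XSS, as a WSGI
middleware wrapped around an unmodified application. The heuristic rule
set and the sample application are constructed for this illustration."""
import html
import io
import re
from urllib.parse import parse_qsl
from wsgiref.util import setup_testing_defaults

# Hypothetical rule: a parameter value is "script-capable" if it opens an
# HTML tag, carries an on*= event handler, or uses the javascript: scheme.
SCRIPT_CAPABLE = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.I)


def _request_values(environ):
    """Parameter values from the query string and a urlencoded POST body.

    The body is read once and replaced with an in-memory copy so the
    wrapped application can still read it: the interception has to stay
    transparent to the protected code."""
    values = [v for _, v in parse_qsl(environ.get("QUERY_STRING", ""),
                                      keep_blank_values=True)]
    if environ.get("CONTENT_TYPE", "").startswith("application/x-www-form-urlencoded"):
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0
        body = environ["wsgi.input"].read(length)
        environ["wsgi.input"] = io.BytesIO(body)
        values += [v for _, v in parse_qsl(body.decode("utf-8", "replace"),
                                           keep_blank_values=True)]
    return [v for v in values if v]


def find_reflections(values, body):
    """Values that carry script-capable markup and appear verbatim in body."""
    return [v for v in values if SCRIPT_CAPABLE.search(v) and v in body]


class ReflectedXssGuard:
    """WSGI middleware; the interception point stands in for an AOP advice."""

    def __init__(self, app):
        self.app = app
        self.log = []  # one dict per neutralised reflection

    def __call__(self, environ, start_response):
        values = _request_values(environ)
        captured = {}

        def capture(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, list(headers)
            return lambda data: None

        chunks = self.app(environ, capture)
        body = b"".join(chunks).decode("utf-8", "replace")
        if hasattr(chunks, "close"):
            chunks.close()
        headers = captured["headers"]
        ctype = {k.lower(): v for k, v in headers}.get("content-type", "")
        if ctype.startswith("text/html"):  # only HTML can execute the payload
            for v in find_reflections(values, body):
                self.log.append({"path": environ.get("PATH_INFO", ""), "value": v})
                body = body.replace(v, html.escape(v, quote=True))
        out = body.encode("utf-8")
        headers = [(k, v) for k, v in headers if k.lower() != "content-length"]
        headers.append(("Content-Length", str(len(out))))
        start_response(captured["status"], headers)
        return [out]


def vulnerable_app(environ, start_response):
    """Constructed sample target: echoes the 'q' parameter unescaped."""
    params = dict(parse_qsl(environ.get("QUERY_STRING", ""), keep_blank_values=True))
    page = "<html><body>You searched for: %s</body></html>" % params.get("q", "")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [page.encode("utf-8")]


def run(app, query_string):
    """Drive a WSGI app with a constructed GET request; return (status, body)."""
    environ = {"QUERY_STRING": query_string}
    setup_testing_defaults(environ)
    status = {}

    def start_response(s, headers, exc_info=None):
        status["value"] = s
        return lambda data: None

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return status["value"], body


if __name__ == "__main__":
    guard = ReflectedXssGuard(vulnerable_app)
    print(run(guard, "q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E")[1])
    print(guard.log)
```

Two caveats a practitioner would want: the verbatim check misses reflections the application transforms on the way out (case-folding, partial decoding, splitting across attributes) and would also flag an application that intentionally echoes trusted markup, so in practice the rule set needs tuning against the protected application. Stored XSS is out of reach for this interceptor, since the payload arrives in an earlier request than the one whose response carries it.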
Keywords/Search Tags: Web Security, Cross-Site Scripting, Detection System, XSS Worm