Abstract:
The rising population of security problems today’s Web applications is caused by injected
codes, with cross-site scripting (XSS) attacks being the most common and dangerous web
application attacks through the second millennium, with its drastic crumbling effect on popular
sites like Facebook, Samsung, Apple, E-bay, Amazon etc. It is challenging for Web
applications to completely eradicate the vulnerabilities because of its difficulty to properly
sanitize all the user inputs sent to it. It is often the case that these vulnerabilities are not detected
on time and fixed leaving users to be exposed to numerous attacks and thefts of personal
information. This work discusses on the various XSS, its types, its detection and prevention
mechanisms, and presents a detection framework built by a hybrid mechanism using Dynamic
Analysis and Fuzzy Inference to detect these vulnerabilities in web applications for effective
solutions to be met. Firstly, the detection systems scans website for discovering potential points
for injections. Secondly, generates attack vectors and injects and is sent as HTTP request to
web application. Lastly scans the HTTP response for presence of Attack vectors. Detection
capability of our detection system is evaluated on real world web applications and desired
results were obtained
