A DETECTION OF CROSS-SITE SCRIPTING ATTACK USING DYNAMIC ANALYSIS AND FUZZY INFERENCE SYSTEM

Abstract

The rising population of security problems today’s Web applications is caused by injected codes, with cross-site scripting (XSS) attacks being the most common and dangerous web application attacks through the second millennium, with its drastic crumbling effect on popular sites like Facebook, Samsung, Apple, E-bay, Amazon etc. It is challenging for Web applications to completely eradicate the vulnerabilities because of its difficulty to properly sanitize all the user inputs sent to it. It is often the case that these vulnerabilities are not detected on time and fixed leaving users to be exposed to numerous attacks and thefts of personal information. This work discusses on the various XSS, its types, its detection and prevention mechanisms, and presents a detection framework built by a hybrid mechanism using Dynamic Analysis and Fuzzy Inference to detect these vulnerabilities in web applications for effective solutions to be met. Firstly, the detection systems scans website for discovering potential points for injections. Secondly, generates attack vectors and injects and is sent as HTTP request to web application. Lastly scans the HTTP response for presence of Attack vectors. Detection capability of our detection system is evaluated on real world web applications and desired results were obtained