Abstract:
Many prevalent problems of web
applications are induced by injected code, which poses great
security threats. Vulnerabilities found in web applications are
commonly exploited to perpetrate attacks. With
cross-site scripting (XSS), attackers can inject malicious
content into web pages, thereby gaining access
privileges to sensitive page content of the user, such as session
cookies, the user’s data or credentials, and other
information kept by the browser on behalf of the
user. This paper presents a hybrid mechanism for detecting
XSS attacks using Dynamic Analysis and Fuzzy Inference. The
approach scans the website for possible points of injection
before generating an attack vector launched via an HTTP
request to a web application. The analysis of the HTTP
response predicts the presence of an attack vector. The
detection capability of the system is evaluated using some
active web applications, and the results show a high rate
of detection.