Cookies are the mechanisms that maintain an
authentication state between the user and web application.
Therefore cookies are the possible targets for the attackers. Cross
Site Scripting (XSS) attack is one of such attacks against the web
applications in which a user has to compromise its browser’s
resources (e.g. cookies). In this paper, a novel technique of
SHA_512 Hash Technique is introduced whose aim is to make
cookies worthless for the attackers. The work done in HTTP
protocol with windows10.
Study of Cross-Site Scripting Attacks and Their CountermeasuresEditor IJCATR
In present-day time, most of the associations are making use of web services for improved services to their
clients. With the upturn in count of web users, there is a considerable hike in the web attacks. Thus, security becomes
the dominant matter in web applications. The disparate kind of vulnerabilities resulted in the disparate types of attacks.
The attackers may take benefit of these vulnerabilities and can misuse the data in the database. Study indicates that
more than 80% of the web applications are vulnerable to cross-site scripting (XSS) attacks. XSS is one of the fatal
attacks & it has been practiced over the maximum number of well-known search engines and social sites. In this paper,
we have considered XSS attacks, its types and different methods employed to resist these attacks with their
corresponding limitations. Additionally, we have discussed the proposed approach for countering XSS attack and how
this approach is superior to others.
Tracing out Cross Site Scripting Vulnerabilities in Modern ScriptsEswar Publications
Web Technologies were primarily designed to cater the need of ubiquitousness. The security concern has been overlooked and such overlooks resulted in vulnerabilities. These vulnerabilities are being highly exploited by hackers in various ways to compromise security. When vulnerability is blocked, the attacker traces out a different mechanism to exploit it. Cross site scripting (XSS) attack is also an exploitation of one of the vulnerabilities existing in the web applications. This paper traces out the vulnerability in functions and attributes of modern scripts to carry out cross site scripting attack and suggests preventive measures.
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...IJECEIAES
Cross-Site Scripting (XSS) is one of serious web application attack. Web applications are involved in every activity of human life. JavaScript plays a major role in these web applications. In XSS attacks hacker inject malicious JavaScript into a trusted web application, execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications, some solutions works at client-side and some solutions works based on filter list which needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks which works at the server-side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications and the proposed solution is able to prevent XSS attacks effectively.
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
In the recent years, everything is in web. It may be Organization’s administration software,
Custom ERP application, Employee portals or Real estate portals. The Social networking sites
like Face book, Twitter, MySpace which is a web application is been used by millions of users
around the world. So web applications have become very popular among users. Hence they are
observed and may be exploited by hackers. Researchers and industry experts state that the
Cross-site Scripting (XSS) is the one of the top most vulnerabilities in the web application. The
cross-site scripting has become a common vulnerability of many web sites and web
applications. XSS consists in the exploitation of input validation flaws, with the purpose of
injecting arbitrary script code which is later executed at the web browser of the victim.
According to OSWAP, Cross-site scripting attacks on web applications have experienced an
important rise in recent year. This demands an efficient approach on the server side to protect
the users of the application as the reason for the vulnerability primarily lies on the server side.
The actual exploitation is within the victim’s web browser on the client-side. Therefore, an
operator of a web application has only very limited evidence of XSS issues. However, there are
many solutions for this vulnerability. But such techniques may degrade the performance of the
system. In such scenarios challenge is to decide which method, platform, browser and
middleware can be used to overcome the vulnerabilities, with reasonable performance over
head to the system. Inspired by this problem, we present performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side based on the parameters like application’s platform, middleware technology and browser used by the end user. We implemented Mitigation parsing technique using database and replace technique in different platforms, middleware and checked its performance. We calculated the time taken by different browsers to render the pages using two techniques under different platform and middleware. In this paper we proposed the best combination of development platform, browser and the middleware for the two mitigation technique with respect to developer and end users.
Cross site scripting (xss) attacks issues and defense - by sandeep kumbharSandeep Kumbhar
Introduction
Impact of XSS attacks
Types of XSS attacks
Detection of XSS attacks
Prevention of XSS attacks
At client side
At Server-side
Conclusion
References
Study of Cross-Site Scripting Attacks and Their CountermeasuresEditor IJCATR
In present-day time, most of the associations are making use of web services for improved services to their
clients. With the upturn in count of web users, there is a considerable hike in the web attacks. Thus, security becomes
the dominant matter in web applications. The disparate kind of vulnerabilities resulted in the disparate types of attacks.
The attackers may take benefit of these vulnerabilities and can misuse the data in the database. Study indicates that
more than 80% of the web applications are vulnerable to cross-site scripting (XSS) attacks. XSS is one of the fatal
attacks & it has been practiced over the maximum number of well-known search engines and social sites. In this paper,
we have considered XSS attacks, its types and different methods employed to resist these attacks with their
corresponding limitations. Additionally, we have discussed the proposed approach for countering XSS attack and how
this approach is superior to others.
Tracing out Cross Site Scripting Vulnerabilities in Modern ScriptsEswar Publications
Web Technologies were primarily designed to cater the need of ubiquitousness. The security concern has been overlooked and such overlooks resulted in vulnerabilities. These vulnerabilities are being highly exploited by hackers in various ways to compromise security. When vulnerability is blocked, the attacker traces out a different mechanism to exploit it. Cross site scripting (XSS) attack is also an exploitation of one of the vulnerabilities existing in the web applications. This paper traces out the vulnerability in functions and attributes of modern scripts to carry out cross site scripting attack and suggests preventive measures.
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...IJECEIAES
Cross-Site Scripting (XSS) is one of serious web application attack. Web applications are involved in every activity of human life. JavaScript plays a major role in these web applications. In XSS attacks hacker inject malicious JavaScript into a trusted web application, execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications, some solutions works at client-side and some solutions works based on filter list which needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks which works at the server-side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications and the proposed solution is able to prevent XSS attacks effectively.
Analysis of XSS attack Mitigation techniques based on Platforms and Browserscscpconf
In the recent years, everything is in web. It may be Organization’s administration software,
Custom ERP application, Employee portals or Real estate portals. The Social networking sites
like Face book, Twitter, MySpace which is a web application is been used by millions of users
around the world. So web applications have become very popular among users. Hence they are
observed and may be exploited by hackers. Researchers and industry experts state that the
Cross-site Scripting (XSS) is the one of the top most vulnerabilities in the web application. The
cross-site scripting has become a common vulnerability of many web sites and web
applications. XSS consists in the exploitation of input validation flaws, with the purpose of
injecting arbitrary script code which is later executed at the web browser of the victim.
According to OSWAP, Cross-site scripting attacks on web applications have experienced an
important rise in recent year. This demands an efficient approach on the server side to protect
the users of the application as the reason for the vulnerability primarily lies on the server side.
The actual exploitation is within the victim’s web browser on the client-side. Therefore, an
operator of a web application has only very limited evidence of XSS issues. However, there are
many solutions for this vulnerability. But such techniques may degrade the performance of the
system. In such scenarios challenge is to decide which method, platform, browser and
middleware can be used to overcome the vulnerabilities, with reasonable performance over
head to the system. Inspired by this problem, we present performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side based on the parameters like application’s platform, middleware technology and browser used by the end user. We implemented Mitigation parsing technique using database and replace technique in different platforms, middleware and checked its performance. We calculated the time taken by different browsers to render the pages using two techniques under different platform and middleware. In this paper we proposed the best combination of development platform, browser and the middleware for the two mitigation technique with respect to developer and end users.
Cross site scripting (xss) attacks issues and defense - by sandeep kumbharSandeep Kumbhar
Introduction
Impact of XSS attacks
Types of XSS attacks
Detection of XSS attacks
Prevention of XSS attacks
At client side
At Server-side
Conclusion
References
Study of Web Application Attacks & Their Countermeasuresidescitation
Web application security is among the hottest issue
in present web scenario due to increasing use of web
applications for e-business environment. Web application has
become the easiest way to provide wide range of services to
users. Due to transfer of confidential data during these services
web application are more vulnerable to attacks. Web
application attack occurs because of lack of security awareness
and poor programming skills. According to Imperva web
application attack report [1] websites are probe once every
two minutes and this has been increased to ten attacks per
second in year 2012. In this paper we have presented most
common and dangerous web application attacks and their
countermeasures.
This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
In this digital era, organizations and industries are moving towards replacing websites with web applications for many obvious reasons. With this transition towards web-based applications, organizations and industries find themselves surrounded by several threats and vulnerabilities. One of the largest concerns is keeping their infrastructure safe from attacks and misuse. Web security entails applying a set of procedures and practices, by applying several security principles at various layers to protect web servers, web users, and their surrounding environment. In this paper, we will discuss several attacks that may affect web-based applications namely: SQL injection attacks, cookie poisoning, cross-site scripting, and buffer overflow. Additionally, we will discuss detection and prevention methods from such attacks.
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
In today’s Era, Web applications are one of the most part ubiquitous platforms for
information sharing and services over Internet which play significant role in individual life as well
as in any country’s growth. Web applications have gone through a very rapid Growth As they are
increasingly used for the financial organization, government, hospitality and many critical services.
Web applications become a popular and precious target for security attacks. at the present time,
billions of transactions are done online through net banking, online shopping, online billing and
many more. Even though these applications are used by lots of people modern web applications
often implements the complex structure requires for user to carry out actions in given order, in
many cases the security level is too low, which makes them vulnerable to get compromised. Even
though a large number of techniques have been developed to build up web applications and
mitigate the attacks toward web applications, there is little effort constant to drawing relations
among these techniques and building a big picture of web application security(WAS) research. In
this paper, we present a survey on various types of web application vulnerabilities(WAV).
Routine Detection Of Web Application Defence FlawsIJTET Journal
Abstract— The detection process for security vulnerabilities in ASP.NET websites / web applications is a complex one, most of the code is written by somebody else and there is no documentation to determine the purpose of source code. The characteristic of source code defects generates major web application vulnerabilities. The typical software faults that are behind of web application vulnerabilities, taking into different programming languages. To analyze their ability to prevent security vulnerabilities ASP.NET which is part of .NET framework that separate the HTML code from the programming code in two files, aspx file and another for the programming code. It depends on the compiled language (Visual Basic VB, C sharp C#, Java Script). Visual Basic and C# are the most common languages using with ASP.NET files, and these two compiled languages are in the construction of our proposed algorithm in addition to aspx files. The hacker can inject his malicious as a input or script that can destroy the database or steal website files. By using scanning tool the fault detection process can be done. The scanning process inspects three types of files (aspx, VB and C#). then the software faults are identified. By using fault recovery process the prepared replacement statement technique is used to detect the vulnerabilities and recover it with high efficiency and it provides suggestion then the report is generated then it will help to improve the overall security of the system.
Cross site scripting (XSS) is a type of computer security vulnerability typically found in web applications, but in proposing defensive measures for cross site scripting the websites validate the user input and determine if they are vulnerable to cross site scripting. The major considerations are input validation and output sanitization.
There are lots of defense techniques introduced nowadays and even though the coding methods used by developers are evolving to counter attack cross site scripting techniques, still the security threat persist in many web applications for the following reasons:
• The complexity of implementing the codes or methods.
• Non-existence of input data validation and output sanitization in all input fields of the application.
• Lack of knowledge in identifying hidden XSS issues etc.
This proposed project report will briefly discuss what cross site scripting is and highlight the security features and defense techniques that can help against this widely versatile attack.
A Survey on Authorization Systems for Web Applicationsiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Web Vulnerabilities And Exploitation - Compromising The WebZero Science Lab
One of the main problems of all big companies is how their applications are secured from cyber attacks. New types of vulnerabilities and attack vectors are being developed every day, therefore they pose a potential threat to all applications that rely on some kind of web technology. This document explains the most common and most dangerous web attacks as well as techniques how to secure your infrastructure from being compromised. We focus on SQL injections, XSS, CSRF, RFI/LFI and Server Side Includes. We discuss the attack vectors of web vulnerabilities and exploitation schemas. However, regardless of the security measures taken and defenses being deployed, there will always be a way in. Nevertheless, security analysis provide a valuable insight that can grant the advantage over said attackers and allow us to stay one step ahead.
Study of Web Application Attacks & Their Countermeasuresidescitation
Web application security is among the hottest issue
in present web scenario due to increasing use of web
applications for e-business environment. Web application has
become the easiest way to provide wide range of services to
users. Due to transfer of confidential data during these services
web application are more vulnerable to attacks. Web
application attack occurs because of lack of security awareness
and poor programming skills. According to Imperva web
application attack report [1] websites are probe once every
two minutes and this has been increased to ten attacks per
second in year 2012. In this paper we have presented most
common and dangerous web application attacks and their
countermeasures.
This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
In this digital era, organizations and industries are moving towards replacing websites with web applications for many obvious reasons. With this transition towards web-based applications, organizations and industries find themselves surrounded by several threats and vulnerabilities. One of the largest concerns is keeping their infrastructure safe from attacks and misuse. Web security entails applying a set of procedures and practices, by applying several security principles at various layers to protect web servers, web users, and their surrounding environment. In this paper, we will discuss several attacks that may affect web-based applications namely: SQL injection attacks, cookie poisoning, cross-site scripting, and buffer overflow. Additionally, we will discuss detection and prevention methods from such attacks.
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
In today’s Era, Web applications are one of the most part ubiquitous platforms for
information sharing and services over Internet which play significant role in individual life as well
as in any country’s growth. Web applications have gone through a very rapid Growth As they are
increasingly used for the financial organization, government, hospitality and many critical services.
Web applications become a popular and precious target for security attacks. at the present time,
billions of transactions are done online through net banking, online shopping, online billing and
many more. Even though these applications are used by lots of people modern web applications
often implements the complex structure requires for user to carry out actions in given order, in
many cases the security level is too low, which makes them vulnerable to get compromised. Even
though a large number of techniques have been developed to build up web applications and
mitigate the attacks toward web applications, there is little effort constant to drawing relations
among these techniques and building a big picture of web application security(WAS) research. In
this paper, we present a survey on various types of web application vulnerabilities(WAV).
Routine Detection Of Web Application Defence FlawsIJTET Journal
Abstract— The detection process for security vulnerabilities in ASP.NET websites / web applications is a complex one, most of the code is written by somebody else and there is no documentation to determine the purpose of source code. The characteristic of source code defects generates major web application vulnerabilities. The typical software faults that are behind of web application vulnerabilities, taking into different programming languages. To analyze their ability to prevent security vulnerabilities ASP.NET which is part of .NET framework that separate the HTML code from the programming code in two files, aspx file and another for the programming code. It depends on the compiled language (Visual Basic VB, C sharp C#, Java Script). Visual Basic and C# are the most common languages using with ASP.NET files, and these two compiled languages are in the construction of our proposed algorithm in addition to aspx files. The hacker can inject his malicious as a input or script that can destroy the database or steal website files. By using scanning tool the fault detection process can be done. The scanning process inspects three types of files (aspx, VB and C#). then the software faults are identified. By using fault recovery process the prepared replacement statement technique is used to detect the vulnerabilities and recover it with high efficiency and it provides suggestion then the report is generated then it will help to improve the overall security of the system.
Cross site scripting (XSS) is a type of computer security vulnerability typically found in web applications, but in proposing defensive measures for cross site scripting the websites validate the user input and determine if they are vulnerable to cross site scripting. The major considerations are input validation and output sanitization.
There are lots of defense techniques introduced nowadays and even though the coding methods used by developers are evolving to counter attack cross site scripting techniques, still the security threat persist in many web applications for the following reasons:
• The complexity of implementing the codes or methods.
• Non-existence of input data validation and output sanitization in all input fields of the application.
• Lack of knowledge in identifying hidden XSS issues etc.
This proposed project report will briefly discuss what cross site scripting is and highlight the security features and defense techniques that can help against this widely versatile attack.
A Survey on Authorization Systems for Web Applicationsiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Web Vulnerabilities And Exploitation - Compromising The WebZero Science Lab
One of the main problems of all big companies is how their applications are secured from cyber attacks. New types of vulnerabilities and attack vectors are being developed every day, therefore they pose a potential threat to all applications that rely on some kind of web technology. This document explains the most common and most dangerous web attacks as well as techniques how to secure your infrastructure from being compromised. We focus on SQL injections, XSS, CSRF, RFI/LFI and Server Side Includes. We discuss the attack vectors of web vulnerabilities and exploitation schemas. However, regardless of the security measures taken and defenses being deployed, there will always be a way in. Nevertheless, security analysis provide a valuable insight that can grant the advantage over said attackers and allow us to stay one step ahead.
Base Paper Abstract:
Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic
vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers.
http://kaashivinfotech.com/
http://inplanttrainingchennai.com/
http://inplanttraining-in-chennai.com/
http://internshipinchennai.in/
http://inplant-training.org/
http://kernelmind.com/
http://inplanttraining-in-chennai.com/
http://inplanttrainingchennai.com/
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptxGitam Gadtaula
As web applications become more prevalent, web security becomes more and more important. Cross-site scripting vulnerability abbreviated as XSS is a kind of common injection web vulnerability. The exploitation of XSS vulnerabilities can hijack users' sessions, modify, read and delete business data of web applications, place malicious codes in web applications, and control victims to attack other targeted servers. This paper discusses classification of XSS, and designs a demo website to demonstrate attack processes of common XSS exploitation scenarios. The paper also compares and analyzes recent research results on XSS detection, divides them into three categories according to different mechanisms. The three categories are static analysis methods, dynamic analysis methods and hybrid analysis methods. The paper classifies 30 detection methods into above three categories, makes overall comparative analysis among them, lists their strengths and weaknesses and detected XSS vulnerability types. In the end, the paper explores some ways to prevent XSS vulnerabilities from being exploited.
logout.php Session Data after Logout Username Email . $_.docxsmile790243
logout.php
Session Data after Logout
Username Email " . $_SESSION['appusername'] . "
" .
"" . $_SESSION['appemail'] . "
";
?>
ZAP Scanning Report for loginAuthReport.odt
ZAP Scanning Report
Summary of Alerts
Risk Level
Number of Alerts
High
2
Medium
1
Low
5
Informational
3
Alert Detail
High (Warning)
Cross Site Scripting (Reflected)
Description
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
URL
http://localhost/week4/authcheck.php
Parameter
username
Attack
</td><script>alert(1);</script><td>
Solution
Phase ...
With the increased number of web applications, web security is be- coming more and more significant. Cross-Site Scripting vulnerability, abbreviated as XSS, is a common web vulnerability. Exploiting XSS vulnerabilities can cause hijacked user sessions, malicious code injec- tions into web applications, and critical information stealing. This article gives brief information about XSS, discusses its types, and de- signs a demo website to demonstrate attack processes of common XSS exploitation scenarios. The article also shows how to prevent XSS at- tacks with code illustrations.
Abstract
With the increased number of web applications, web security is be- coming more and more significant. Cross-Site Scripting vulnerability, abbreviated as XSS, is a common web vulnerability. Exploiting XSS vulnerabilities can cause hijacked user sessions, malicious code injec- tions into web applications, and critical information stealing. This article gives brief information about XSS, discusses its types, and de- signs a demo website to demonstrate attack processes of common XSS exploitation scenarios. The article also shows how to prevent XSS at- tacks with code illustrations.
The most Common Website Security ThreatsHTS Hosting
This article sheds light upon website security, the reasons for which vulnerable websites are exploited as well as the most common types of security threats that are a constant source of danger for websites as well as for website visitors.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Prevention of Cross-Site Scripting using Hash Technique
1. Prevention of Cross-Site Scripting using Hash
Technique
Dr.Muna M.T.Jawhar
Dept. of Software Engineering
College of Computer Sc. & Math, University of Mosul.
Mosul, Iraq.
Abstract— Cookies are the mechanisms that maintain an
authentication state between the user and web application.
Therefore cookies are the possible targets for the attackers. Cross
Site Scripting (XSS) attack is one of such attacks against the web
applications in which a user has to compromise its browser’s
resources (e.g. cookies). In this paper, a novel technique of
SHA_512 Hash Technique is introduced whose aim is to make
cookies worthless for the attackers. The work done in HTTP
protocol with windows10.
Keywords-component; Cookies, HTTP protocol, Cross-Site
Scripting Attacks, Hash function.
I. INTRODUCTION
Normally, users in client side through web browsers
request the resources from the server side through web server
of the web application, and the web server respond with the
resources through HTTP protocol [1] in which no sessions are
retained [2]. Therefore, web applications generally use cookies
to provide a mechanism for creating stateful HTTP sessions.
Cookies are often used to store the session [3] for the web
applications that require authentication. Since the cookies can
both identify and authenticate the users [4], this makes the
cookies a very interesting target for the attackers. Now-a-days,
Cross-Site Scripting (XSS) attack is a common vulnerability
which is being exploited in modern web applications through
the injection of advanced HTML tags and Java Script
functions. A weak input validation on the web application
causes the stealing of cookies from the web browser’s database.
In many cases, the attacker who can obtain the valid cookies
from XSS attack can directly hijack the user’s session.
Cross-Site Scripting attack continuously leads the most wide
spread web application vulnerabilities lists (e.g. OWASP [5]
etc.). XSS are broadly classified into two main attacks which
are Persistent and Non-Persistent Attacks [6] [7]. Persistent
attack (also called as stored attack) holes exist when an attacker
post the malicious code on the vulnerable web application’s
repository. As a result, if the stored malicious code gets
executed by the victim’s browser, then stored attack gets
exploited on the victim’s web browser. Secondly non-persistent
attack (also called as reflected attack) means that the vulnerable
malicious code is not persistently stored on a web server but it
is immediately displayed by the vulnerable web application
back to the victim’s web browser. If so, then the malicious
code gets executed on the victim’s web browser and finally,
victim’s browser has to compromise its resources (e.g.
cookies). The rest of the paper is organized as follows. Section
II discusses the related works, and section III mention
background of cookies and the XSS attack, detection and
prevention of XSS attacks. Section IV discusses our proposed
technique. Section V discusses our proposed technique. Finally
we conclude and brief the future work in last section.
II. RELATED WORK
A.S. Christensen, A. Moller, and M.I. Schwartzbach suggested
the study of static string analysis for imperative languages.
They have shown usefulness of string analysis for analyzing
reflective code in Java programs and checking for errors in
dynamically generated SQL queries. They used finite state
automata (FSAs) as a target language representation to analyze
Java. Methods from computational linguistics were also
applied to generate good Finite State Automata approximation
of CFGs [8].
Y.W Huang and others used counterexample traces to
minimize the number of sanitization routines inserted and to
identify the reason of errors that enhance the precision of both
code instrumentation and error reports [9]. Variables
representing current trust level were assigned states which
further were used in verifying the legal information flow in a
web application. Now in order to verify the correctness of all
safety states of program Abstract Interpretation, Bounded
Model Checking technique was used[10].
In [11] the authors provide an approach to address security
risks by using proven security library known as Enterprise
Security API from Open Web Application Security Project.
They also provided an assessment of the approach against the
existing way of handling cross site scripting vulnerabilities.
In [11], a Webmail XSS fuzzer called L-WMxD (Lexical based
Webmail XSS Discoverer), which works on a lexical based
mutation engine is an active defence system to discover XSS
before the webmail application is online for service. The
researchers have run the L-WMxD on over 26 real-world
Webmail applications and found vulnerabilities in 21 Webmail
services, including some of the most widely used Yahoo-Mail.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 3, March 2018
44 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. In [12] authors conduct a thorough analysis of the current state-
of-the-art in browser-based XSS filtering and uncover a set of
conceptual shortcomings, that allow efficient creation of filter
evasions, especially in the case of DOM-based XSS. To
validate their findings, they reported on practical experiments
using a set of 1,602 real-world vulnerabilities, achieving a rate
of 73% successful filter bypasses. Motivated by their findings,
they proposed an alternative filter design for DOM-based XSS,
that utilizes runtime taint tracking and taint-aware parsers to
stop the parsing of attacker controlled syntactic content. To
examine the efficiency and feasibility of their approach, they
presented a practical implementation based on the open source
browser Chromium.
III. CROSS-SITE SCRIPTING
Cross-site scripting (XSS) attack is one of the most
common vulnerabilities in web applications. It considered as
one of the top 10 web application vulnerabilities of 2013 by the
Open Web Application Security Project (OWASP) [13].
According Cenzic Application Vulnerability Trends Report
(2013) Cross Site Scripting represents 26% of the total
population respectively [14] and considers as top most first
attack. Two recent incidents highlighted the severity of xss
vulnerability are Apple Developer Site (July 18, 2013) and
Ubuntu Forums (July 14 and July 20, 2013) [15]. Cross Site
Scripting attack carried out using HTML, JavaScript,
VBScript, ActiveX, Flash, and other client-side languages. A
weak input validation on the web application leads Cross Site
Scripting attacks to gather data from account hijacking,
changing of user settings, cookie theft. Detection or prevention
of XSS is a topic of active research in the industry and
academia. To achieve those purposes, automatic tools and
security system have been implemented, but none of them are
complete or accurate enough to guarantee an absolute level of
security on web application. One of the important reasons of
this shortcoming is that there is lack of common and complete
methodology for the evaluation either in terms of performance
or needed source code modification which in an overhead for
an existing system. A mechanism which will easily deployable
and provide a good performance to detect and prevent the
Cross-site scripting (XSS) attack is essential one.
Figure 1. Web Application Security Vulnerability Population (2013)
Types of Cross-Site Scripting Attack
There are three distinct types of XSS attacks: non persistent,
persistent, and DOM-based.
A. Persistent XSS Attack:
In the persistent XSS an attacker can inject the malicious
code into the page persistently and that means the code will be
stored in the target servers as an html text, such as in a
database, in a comment field, messages posted on forums, etc.,
and this code will be stored in the page which will show to the
user victim later on. If the user victim goes to the page which is
embedded with XSS attacking code, the code will execute on
the user victim’s browser, which, in turn sends the user’s
sensitive information from his site to the attacker’s site. The
persistent XSS attack is also known as stored XSS attack.
Compared with “REFLECTED XSS”, this type of XSS does
more serious harm. If the “STORED XSS” vulnerability is
successfully exploited by hackers, it will persistently attack the
users until administrator remove this vulnerability. The
following Figure 2. shows architecture of exploiting the
persistent XSS attack by a malicious attacker.
Figure 2. Architecture of Exploiting the Persistent XSS Attack
B. Non-persistent XSS Attack:
Non-persistent cross-site scripting vulnerability is the
common type of XSS attacks. The attack code is not
persistently stored, but, instead, it is immediately reflected back
to the user. It is also known as reflected XSS attack. In this
type the injected code is sent back to the user victim off the
server, such as in an error message, search result, or any other
response that includes some or all of the input sent to the server
as part of the request. To do this, the attacker sends a link to the
user victim (e.g., by email). If the user victim clicks on the link,
the vulnerable web application displays the requested web page
with the information passed to it in this link. This information
contains the malicious code which is now part of the web page
that is sent back to the web browser of the user, where it is
executed. The following Figure 3 is an architecture which
shows the sequence of steps of exploiting the reflected XSS
vulnerability by a malicious attacker.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 3, March 2018
45 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. Figure 3. Architecture of Exploiting the Non-persistent XSS Attack
C. DOM-based XSS:
DOM-based cross-site scripting attacks are performed
by modifying the DOM “environment” in the client side
instead of sending any malicious code to server. DOM is
short for Document Object Model and it is a platform and
language neutral interface. DOM allows the scripting to
change the HTML or XML document, the HTML or XML
document can be modified by a hacker’s scripting or
program. Therefore, DOM-based XSS uses DOMs
vulnerability to make the XSS come true. This type of XSS
vulnerability is totally different from the reflected or stored
XSS attack and it does not inject malicious code into a
page. So, it is the problem of the insecure DOM object
which can be controlled by the client side in the web page
or application. For this reason, hackers can let the attack
payload execute in the DOM environment to attack the
Victim side. The following Figure 4 is an architecture
which shows the sequence of steps of exploiting the
reflected XSS vulnerability by a malicious attacker.
Figure 4. Architecture of Exploiting the DOM-based XSS Attack
IV. WHAT IS A COOKIE?
Cookies are the best current way to identify users and allow
persistent sessions[16]. Cookies are small repositories of data
that are stored within your web browser by a web server.
Cookies were first developed by Netscape but now are
supported by all major browsers[17]. They are rife with
security concerns, and some of them can even track your online
activity. Whenever you visit a web site, the cookie stored in
your browser serves as a type of ID card. Each additional time
you login or request resources from the same web server, the
cookie saved in your browser sends its stored data to the web
server. This allows web site administrators, and even Internet
marketers, to see which of their pages are getting the most hits,
how long users stay on each page, which links they click on,
and a wealth of other information.
And believe it or not, cookies are extremely prevalent these
days. Have you ever purchased something from Amazon.com?
If so, then you’ve used cookies before, whether you knew it or
not. It’s quite common for online ecommerce sites to use
cookies to record and store personal information you’ve
entered, which products you’ve searched for, which items are
in your online shopping cart, and other information so it
doesn’t need to be tediously reentered each time you want to
make a purchase.
Furthermore, cookies are used to make a website more
personal. Many sites offer preference options to let you
customize the look, feel, and experience of any given web
service. Once you revisit the site or resource, you’ll find that all
your preferences were preserved. Though cookies make
browsing the web a lot more convenient, they do have a lot of
security drawbacks, as we’ll discuss next.
V. TYPES OF COOKIES AND SECURITY PROBLEMS
We can classify cookies broadly into two types:
session cookies and persistent cookies. A session cookie is a
temporary cookie that keeps track of settings and preferences
as a user navigates a site. A session cookie is deleted when the
user exits the browser. Persistent cookies can live longer; they
are stored on disk and survive browser exits and computer
restarts. Persistent cookies often are used to retain a
configuration profile or login name for a site that a user visits
periodically. The only difference between session cookies and
persistent cookies is when they expire [18].
There are two different versions of cookie
specifications in use: Version 0 cookies (sometimes called
"Netscape cookies"), and Version 1 ("RFC 2965") cookies.
Version 1 cookies are a less widely used extension of Version 0
cookies [15].
The cookie contain the following information:
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 3, March 2018
46 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. TABLE I. THE COOKIE CONTAIN THE FOLLOWING INFORMATION
Information Value Optional or
original
Cookie
attribute
NAME=VALUE. Original
Expires contain the time and date. Optional
Domain A browser sends the cookie only
to server hostnames in the
specified domain like
"acme.com"
Optional
Path This attribute lets you assign
cookies to particular documents
on a server
Optional
even though your browser has ways to manage cookies,
some are nearly impossible to delete. The problem is that
special types of cookies aren’t stored within your browser,
so even if you opt for a different web browser (Firefox,
Chrome, etc.), the cookie will still be active. And many of
these types of cookies are much larger than the average
4KB HTTP cookies – some of them ranging to 100KB or
even 1MB. If you attempt to delete the cookie but notice
that it keeps coming back every time you restart your
browser, you’ve discovered a zombie cookie and may need
special security software to remove it.
VI. PROPOSED METHOD
In this section, we present a novel procedure whose main
objective is to make the cookies useless for the attackers. This
approach is easily implemented on the web server without any
changes required on the web browser. In this paper the web
server will produce a hash of value of name attribute and
domain in the cookie and send this hash value to the browser,
so the browser will keep the hash value of cookie in its
database rather than the original value. Now each time, if the
browser wants to reconnect as a part of active connection, the
browser has to include the hash cookie value into its
corresponding request so that the web server will also rewrite
this hash cookie value to the original value, which is generated
by the web server. Rewriting of hash value to original value is
necessary to be done at the server side, so that the user at the
browser side will get authenticated by the web server. As the
browser stores the hash value of cookies, so even the XSS
attack can steal the cookies from browser’s database, the
cookies cannot be used later to hijack or take off the user’s
session.
We have conducted the experiments on version 0 cookies in
which three attributes (name, domain) are specified for the
identifying the cookies uniquely. First we must bring the
cookies by capture it. We used Web cookies sniffer for capture
the cookies as in the figure (5), it is a program to capture
cookies in real time from network is a Windows utility, a new
application by Nirsoft that captures all cookies saved on your
computer by websites via browsers and applications, and then
provide you with all information about the saved cookie[19].
Figure 5: capture program
The cookies stored in files, then we take the name and domain
to generate the hash value, all the other attributes will remain
same.
We take this cookies, name and path
hp@microsoft
microsoft.com/
We have used the SHA Hashing function for generate hashing
value. Following are some of the steps which are used to
explain the SHA-512 Hashing Technique[18][20]:-
Append padding bits.
Append length.
Initialize hash buffer.
Process the message in 1024 bit (128 word) which
forms the heart of the algorithm.
Output the final state value as the resulting hash.
The hash output for the previous cookies is :
fe6eb4f1e09bb3ca5cea07ba9f5f5a8aa462a1adb1634104fbe60d
64ab1d33dfd08f0344eeeea5033efb066d7ba23bd84d428e3b789
64fcc7c2a96b7037968ba
Figure 6: the output of SHA-512
The user on the Clint side submits the user-id and password to
the web server of the web application with HTTP protocol.
The web server submits the corresponding
information from the browser and generates a cookie.
Now the web server will dynamically generate the
hash of value of the name attribute in the cookie and
store both these values (original as well as hash value)
in the form of a table on the server side.
TABLE II: THE COOKIE CONTAIN THE FOLLOWING
INFORMATION
Subsequently, the web server will send the hash value
of the name attribute in the cookie to the web browser.
Cookies Hash value
hp@micr
osoft
microsoft
.com/
fe6eb4f1e09bb3ca5cea07ba9f5f5a8aa462a1adb1634104fbe
60d64ab1d33dfd08f0344eeeea5033efb066d7ba23bd84d428
e3b78964fcc7c2a96b7037968ba
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 3, March 2018
47 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
5. The web browser will store this hash value into its
repository.
Since the cookies at the browser’s database now are not valid
for the web applications. Therefore XSS attack will not be able
to impersonate the user using stolen cookies which are
converted into its hash form. Now if the browser wants to
reconnect to the web server as a part of the active connection, it
has to include cookie (hash value) with its corresponding
request to the web server. The web server will use the
information in the table to rewrite back the values of name
attribute in the cookie (sent by the web browser) to the original
value generated by the web server as shown in the next Figure.
Figure 7: communication between user and web server
VII. CONCLUSION AND FUTURE WORK
This paper has presented the SHA-152 Hash function
technique, whose main purpose is to make the cookies
worthless for the attackers even if the attacker successfully
exploits the vulnerabilities of victim’s web browser. This
technique has been implemented on the web server and the
results showed that our technique worked well with the Version
0 cookies on the modern web browsers with HTTP protocol.
Currently we are working on how our proposed technique
works with the Version 1 cookies on the real world websites. In
future, we would also like to develop an analysis on the Clint.
REFERENCES
[1] D. Gourley, B. Totty, M. Sayer, S. Reddy, and A. Aggarwal, HTTP The
Definitive Guide, 1st ed., O’Reilly Media, US, 2002.
[2] Behrouz A. Forouzan, TCP/IP protocol suite, third edition, 2008.
[3] D. Kristol, “HTTP State Management Mechanism,”, in Internet Society,
2000. Available: http:// www.ietf.org/rfc/rfc2965.txt.
[4] “Cross Site Scripting Techniques and mitigation,”, GovCertUK, revision
1.0, October 2009. Available: www.govcertuk.gov.uk.
[5] Open Web Application Security Project, “The ten most critical web
application security vulnerabilities”, 2007,
www.owasp.org/index.php/OWASP_Top_Ten_Project.
[6] J. Garcia-Alfaro and G. Navarro-Arribas, “Prevention of Cross-Site
Scripting Attacks on Current Web Applications,”, Available:
http://hacks-galore.org/guille/pubs/is-otm-07.pdf.
[7] S. Saha, “Consideration Points: Detecting Cross-Site Scripting,”
(IJCSIS) International Journal of Computer Science and Information
Security,Vol. 4, No. 1 & 2, 2009.
[8] A. S. Christensen, A. Mǿller and M. I. Schwartzbach, “Precise analysis
of string expression”, In proceedings of the 10th international static
analysis symposium, LNCS, Springer-Verlag, vol. 2694, pp. 1-18.
[9] Y. W Huang, F. Yu, C. Hang, C. H. Tsai, D. Lee and S. Y. Kuo,
“Verifying Web Application using Bounded Model Checking,” In
Proceedings of the International Conference on Dependable Systems and
Networks, (2004).
[10] Bhanu Prakash Gopularam1 and N. Nalini2," Cross Site Scripting
Security Vulnerabilities and Risk Mitigation Using Enterprise Security
API for Web-Apps on Public Infrastructure", Elsevier Publications 2013.
[11] Zhushou Tang, Haojin Zhu, Zhenfu Cao, Shuai Zhao, L-WMxD: Lexical
Based Webmail XSS Discoverer, IEEE Conference on Computer
Communications Workshops (INFOCOM WKSHPS), pp. 976-981,
2011.
[12] Ben Stock, Sebastian Lekies and Tobias Mueller ,"Precise client-side
protection against DOM-based Cross-Site Scripting", This paper is
included in the Proceedings of the 23rd USENIX Security Symposium.
August 20–22, 2014.
[13] https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
[14] H. Chen and M. V. Gundy, “Using randomization to enforce information
flow tracking and thwart crosssite scripting attacks,” In Proceedings of
the 16th Annual Network and Distributed System Security Symposium
(NDSS), (2009).
[15] D. Gourley, B. Totty, M. Sayer, S. Reddy, and A. Aggarwal, HTTP The
Definitive Guide, 1st ed., O’Reilly Media, US, 2002.
[16] http://www.thewindowsclub.com/capture-cookies-save-computer-
webcookiessniffer
[17] William Stallings, "Cryptography and network security, principles and
practices", fifth edition, 2008.
[18] Aumasson J.P, Meier W., phan R. and Henzen L., "the hash function
black", 2014.
[19] V. Nithya1, S. Lakshmana Pandian2 and C. Malarvizhi3, " A Survey on
Detection and Prevention of Cross-Site Scripting Attack", International
Journal of Security and Its Applications Vol. 9, No. 3 (2015), pp. 139-
152
[20] https://isis.poly.edu/~jcappos/papers/tr-cse-2013-02.pdf.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 3, March 2018
48 https://sites.google.com/site/ijcsis/
ISSN 1947-5500