Cross-Site-Scripting(XSS) Attacking and Defending
Li, Yonghao (2009)
Turun ammattikorkeakoulu
2009
Creative Commons Attribution-NonCommercial-NoDerivs 1.0 Finland
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-201004216705
https://urn.fi/URN:NBN:fi:amk-201004216705
Tiivistelmä
Nowadays, network security is becoming more and more important in our daily life. Owing to that the fact that we cannot live without the Internet, providing a good and security networking environment is significantly necessary. However, cross site scripting (XSS) attacks risk millions of websites. XSS can be used to inject malicious scripting code into applications, and then return the code back to the customer side. When users use the web browser to visit the place where the malicious scripting code has been injected, the code will execute directly to the customer‟s computer.
A common solution is detecting the key words of XSS in the browser javascript engine or on the server part to filter the malicious code. Nonetheless, the attacker can construct different new types of malicious scripting to avoid detecting so that it is difficult to collect all keywords in the detecting-list to avoid XSS attacking. Therefore, it is worth letting more people pay attention to XSS and finding more solutions to avoid XSS attacks.
A common solution is detecting the key words of XSS in the browser javascript engine or on the server part to filter the malicious code. Nonetheless, the attacker can construct different new types of malicious scripting to avoid detecting so that it is difficult to collect all keywords in the detecting-list to avoid XSS attacking. Therefore, it is worth letting more people pay attention to XSS and finding more solutions to avoid XSS attacks.