Securing Web Applications Against Cross-Site Scripting
Web applications are becoming more popular, and this raises many security threats against them. One of the
most common and dangerous threats is Cross-Site Scripting (XSS). XSS scripts can be executed in web browsers as a
result of a request generated by the user and processed by the server. The main objective of this research is to determine
whether popular browsers provide a defensive mechanism against XSS. In addition, it proposes a technique to prevent
XSS attacks. This technique is based on validating user input against the malicious strings used by attackers. Results show
that some browsers have defensive mechanisms against simple cross-site scripts, while complex cross-site scripts cannot be
blocked by the browsers. Moreover, the proposed technique confirms the feasibility and practicality of the protection
mechanism against persistent XSS attacks.
Keywords— Cross-Site Scripting (XSS) Attack, Web Applications, Web Security, Security Threats.