Cross-Site Scripting Attacks
Classification, Attack, and Countermeasures
Social network usage has increased exponentially in recent years. Platforms like Facebook, Twitter, Google+, LinkedIn and Instagram, not only facilitate sharing of personal data but also connect people professionally. However, development of these platforms with more enhanced features like HTML5, CSS, XHTML and Java Script expose these sites to various vulnerabilities that may be the root cause of various threats. Therefore, social networking sites have become an attack surface for various cyber-attacks such as XSS attack and SQL Injection. Numerous defensive techniques have been proposed, yet with technology up-gradation current scenarios demand for more efficient and robust solutions.
Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures is a comprehensive source which provides an overview of web-based vulnerabilities and explores XSS attack in detail. This book provides a detailed overview of the XSS attack; its classification, recent incidences on various web applications, and impacts of the XSS attack on the target victim. This book addresses the main contributions of various researchers in XSS domain. It provides in-depth analysis of these methods along with their comparative study. The main focus is a novel framework which is based on Clustering and Context based sanitization approach to protect against XSS attack on social network. The implementation details conclude that it is an effective technique to thwart XSS attack. The open challenges and future research direction discussed in this book will help further to the academic researchers and industry specific persons in the domain of security.
Table of Contents
1. Security Flaws in Web Applications. 2. Security Challenges in Social Networking: Taxonomy and Statistics. 3. Fundamentals of Cross-Site Scripting (XSS) Attack. 4. Clustering and Context-Based Sanitization Mechanism for Defending against XSS Attack. 5. Real-World XSS Worms and Handling Tools. 6. XSS Preventive Measures and General Practices.
B. B. Gupta received PhD degree from Indian Institute of Technology Roorkee, India in the area of Information and Cyber Security. He published more than 200 research papers in International Journals and Conferences of high repute including IEEE, Elsevier, ACM, Springer, Wiley, Taylor & Francis, Inderscience, etc. He has visited several countries, i.e. Canada, Japan, USA, UK, Malaysia, Australia, Thailand, China, Hong-Kong, Italy, Spain etc to present his research work. His biography was selected and published in the 30th Edition of Marquis Who's Who in the World, 2012. Dr. Gupta also received Young Faculty research fellowship award from Ministry of Electronics and Information Technology, Government of India in 2018. He is also working as principal investigator of various R&D projects. He is serving as associate editor of IEEE Access, IEEE TII, and Executive editor of IJITCA, Inderscience, respectively. At present, Dr. Gupta is working as Assistant Professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra India. His research interest includes Information security, Cyber Security, Mobile security, Cloud Computing, Web security, Intrusion detection and Phishing.
Pooja Chaudhary is currently pursuing her PhD Degree from National Institute of Technology (NIT), Kurukshetra, Haryana, India, in Information and Cyber Security area. She has completed her Master of Technology (M.Tech) degree in area of Cyber Security from National Institute of Technology (NIT), kurukshetra, Haryana, India. She has received her B.Tech degree in Computer Science and Engineering from Bharat Institute of Technology, Meerut, India, affiliated to Uttar Pradesh Technical University. Her areas of interest include Online Social Network (OSN) security, Big data analysis and security, Database security and cyber security, and Internet of Security (IoT) Security. She has published a number of research papers with various reputed publishers, i.e. IEEE, Springer, Wiley, Inderscience and so on.