Explore chapters and articles related to this topic
Defending Web Applications Against JavaScript Worms on Core Network of Cloud Platforms
Published in Brij B. Gupta, Michael Sheng, Machine Learning for Computer and Cyber Security, 2019
Shashank Tripathi, Pranav Saxena, Harsh D. Dwivedi, Shashank Gupta
Cross-Site Scripting (XSS): Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS refers to the hacking technique that makes use of vulnerabilities in the code of a web application to allow the hacker to send malicious content from an end-user and collect some type of data from the victim. Web applications that take input from the user side and then generate output without performing any validation are vulnerable to such attacks. The attacker injects client-side script into web pages that are accessed by other users. When the browser of that user executes the script, it may perform malicious activities, such as accessing cookies, session tokens or other sensitive information that is supposed to remain with the user.
Loopholes in IoT Security Services
Published in Syed Rameem Zahra, Mohammad Ahsan Chishti, Security and Privacy in the Internet of Things, 2020
Shafalika Vijayal, Salim Qureshi
Cross-site scripting (XSS) is a customer-side code injection attack. The aggressor attempts to float harmful content in an Internet browser of the unfortunate casualty by reminding them of the malignant code for a genuine site page or web application. The actual assault happens through the unfortunate casualty visiting the site page or web application that runs the vindictive program. The web page or application becomes a vehicle to convey the harmful content to the client’s program. Seemingly powerless interfaces that are normally used for cross-website scripting assaults include discussions, message sheets, and site pages that permit remarks.
Data security
Published in Vahap Tecim, Sezer Bozkus Kahyaoglu, Artificial Intelligence Perspective for Smart Cities, 2023
An XSS (Cross-Site Scripting) attack is a client-side code injection attack. The attack happens by inserting malicious JavaScript code into a legitimate web application that users can access. An attack occurs when another user runs this script. Systems with input elements are the most common target of this attack. With this operation, the attacker can manipulate or illegally possess the data (Gupta and Gupta, 2017). The attack takes place entirely on the client-side, not on the server.
Security test MOODLE: a penetration testing case study
Published in International Journal of Computers and Applications, 2020
Akalanka Karunarathne Mudiyanselage, Lei Pan
For example, if the Moodle application contains a cross-site scripting vulnerability, the attackers could use it to steal the victim user’s session token by injecting JavaScript code that is then executed on the victim user’s web browser. There are security controls that prevent attacks of this nature, for instance proper input validation, which prevents malicious users from injecting potentially malicious script code like JavaScript, and enabling the HttpOnly flag. The HttpOnly flag prevents malicious scripts on the client browser from accessing the cookie values.
Taxonomy for Identification of Security Issues in Cloud Computing Environments
Published in Journal of Computer Information Systems, 2018
Monjur Ahmed, Alan T. Litchfield
Web services introduce challenges to security, for example, HTTP vulnerabilities that present threats while users access Cloud services [50]. Threats generally include Structured Query Language (SQL) injection, cross-site scripting, lack of web site security, directory traversal, lack of AJAX security from poor programming, Apache web server vulnerabilities, and lack of public Cloud provider security measures such as WordPress.
AI-enabled IoT penetration testing: state-of-the-art and research challenges
Published in Enterprise Information Systems, 2023
Claudia Greco, Giancarlo Fortino, Bruno Crispo, Kim-Kwang Raymond Choo
• Web application vulnerabilities such as client-side injection, cross-site scripting (XSS), sensitive data leakage, insecure authentication and authorisation mechanisms, and cross-site request forgery (CSRF) (Gupta (2019)).