Akhil Nair, Pallavi Chame, Shital Gaikwad, Swapnil Ethape, Prof. Shikha Agarwal
akhil6169@gmail.com, chamepallavi@gmail.com, sdgaikwad.9822@gmail.com, reymee2141@gmail.com,
shikhamailme84@gmail.com
Computer Department AISSMS IOIT, Pune.
1. INTRODUCTION

Cross Site Scripting attack (XSS) is a very serious code injection based computer security threat which enables unauthorized users or hackers to gain access to the confidential information of a web application or site when the injected code is executed at the client side. The injected code may be HTML, JavaScript or any other scripting language code. These kinds of attacks can be performed on any site which has no input validation and a poor security implementation over user input. The existing systems fall short for major code injection based attacks. These attacks are increasing day by day as the ratio of vulnerable sites is very high. These attacks are targeted and specifically designed to interfere with the user interface and steal sensitive data. A better security layer has to be implemented to prevent such attacks. We presented the design and implementation of a web based API which can be used to protect any website or web application against cross site scripting (XSS) based attack using content security policy (CSP). As the Internet becomes more and more complex, newly found vulnerabilities continue to develop, and through web-based applications these vulnerabilities are exploited as XSS. In our project we present the design and implementation of a web based security API which can be used to protect against any cross site scripting based attack using content security policy (CSP). This security API is integrated on the website. The API is designed in such a way that resource consumption is very low and it is efficient. This makes the application feasible to an

server side in non-persistent attack Validation and escape of code is done at server side. If the script is in encoded format, the system is not able to detect this encoded script. Server side security layer implementation is hard and costly, so it is not reliable. In a persistent attack, malicious code is already present in the database; when any client requests a page containing it, the malicious code is also executed and security is compromised. To overcome all these issues we implement a better solution in this project.

3. SURVEY

Mukesh Gupta, et al [1] proposed an identification and prediction scheme for Cross Site Scripting based attacks. Also the classification of XSS attacks has been briefly explained. Cross Site Scripting is a security bug that can affect web applications. This bug allows an attacker to inject their own malicious code into HTML pages that are displayed to the users. On successful execution of the malicious code, the system or website action or behavior can be completely changed. It can also steal the user's private data, or actions can be performed on behalf of the user. Specifically speaking, one of the most application layer web attacks, it targets scripts which are dynamically included in a page and which execute on the client side rather than on the server side.

Ankit Shrivastava, et al [2] proposed assessment and prevention mechanisms for prevention of XSS in web
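The two defensive points made on this page, that server-side validation misses a script submitted in encoded form and that a Content Security Policy limits what the browser will run, shown as an added example. It is not code from the paper; every function name and sample input is constructed for illustration, and only percent-encoding is handled.

```javascript
// Added example; naiveFilter, canonicalize, strictFilter, escapeHtml and
// buildCspHeader are hypothetical names, not the paper's API.

// Weak check: pattern match on the raw request value only.
function naiveFilter(raw) {
  return !/<\s*script/i.test(raw); // true means "looks safe"
}

// Decode percent-encoding until the value stops changing (bounded), so
// validation sees the same text a later decoding layer would produce.
function canonicalize(raw, maxRounds = 5) {
  let current = raw;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed encoding: reject rather than guess
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: reject
}

// Same pattern as naiveFilter, but applied to the canonical form.
function strictFilter(raw) {
  const canon = canonicalize(raw);
  return canon !== null && naiveFilter(canon);
}

// Output encoding: whatever reaches the page is rendered as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// CSP response header value: with no 'unsafe-inline' in script-src, the
// browser refuses inline <script> blocks and inline event handlers.
function buildCspHeader() {
  return ["default-src 'self'", "script-src 'self'", "object-src 'none'", "base-uri 'self'"].join('; ');
}

// Constructed sample inputs (not from the paper).
const samples = ['hello world', '<script>alert(1)</script>', '%3Cscript%3Ealert(1)%3C%2Fscript%3E', '%253Cscript%253Ealert(1)'];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', naiveFilter(s), 'strict:', strictFilter(s));
}
console.log('Content-Security-Policy:', buildCspHeader());
```

The pattern check stays a blacklist even after canonicalization, which is why the output encoding and the CSP header are applied regardless of what the filter returns.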
1. Access Modifier
2. Mobile Application Interfacing Module
3. Access Control Module