| Summary: | Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remain a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specifically, we review the various XSS attacks from the lens of an attacker. We use a workflow diagram to define the topological relationship among XSS attacks, and to highlight key system weaknesses (e.g., chokepoints). We also present a Hybrid XSS attack (HYXSSA), designed to facilitate the identification of existing and future potential attack vectors in different modalities presented as frameworks (fi). For quantification and visualization of these frameworks, the software application as a rotate view tool is developed. Moreover, we demonstrate how these derived frameworks can be implemented, and provide a guideline to defend against XSS attacks. The implementation results for the given two attack vector shows the feasibility of mapping of attack vectors to actual mathematical vectors. Finally, we present potential challenges and opportunities associated with XSS attacks.
|
|---|