A hybrid XSS attack (HYXSSA) based on fusion approach: Challenges, threats and implications in cybersecurity
Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remains a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specific...
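Main Authors: | Dragan Korać, Boris Damjanović, Dejan Simić, Kim-Kwang Raymond Choo |
---|---|
Format: | Article |
Language: | English |
Published: | Elsevier, 2022-11-01 |
Series: | Journal of King Saud University: Computer and Information Sciences |
Subjects: | Cross-site scripting (XSS), Fusion, Hybrid XSS attack (HYXSSA), Attack vector, Cybersecurity, Work from home |
Online Access: | http://www.sciencedirect.com/science/article/pii/S1319157822003299 |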
_version_ | 1798006163747373056 |
---|---|
author | Dragan Korać; Boris Damjanović; Dejan Simić; Kim-Kwang Raymond Choo |
author_sort | Dragan Korać |
collection | DOAJ |
description | Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remains a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specifically, we review the various XSS attacks from the lens of an attacker. We use a workflow diagram to define the topological relationship among XSS attacks, and to highlight key system weaknesses (e.g., chokepoints). We also present a Hybrid XSS attack (HYXSSA), designed to facilitate the identification of existing and future potential attack vectors in different modalities presented as frameworks (fi). For quantification and visualization of these frameworks, a software application serving as a rotate view tool is developed. Moreover, we demonstrate how these derived frameworks can be implemented, and provide a guideline to defend against XSS attacks. The implementation results for the two given attack vectors show the feasibility of mapping attack vectors to actual mathematical vectors. Finally, we present potential challenges and opportunities associated with XSS attacks. |
first_indexed | 2024-04-11T12:50:36Z |
format | Article |
id | doaj.art-4f6c0cf29b464e3fba8d48b40f5ee70e |
institution | Directory Open Access Journal |
issn | 1319-1578 |
language | English |
last_indexed | 2024-04-11T12:50:36Z |
publishDate | 2022-11-01 |
publisher | Elsevier |
record_format | Article |
series | Journal of King Saud University: Computer and Information Sciences |
spelling | doaj.art-4f6c0cf29b464e3fba8d48b40f5ee70e; 2022-12-22T04:23:13Z; eng; Elsevier; Journal of King Saud University: Computer and Information Sciences; 1319-1578; 2022-11-01; 34 10 9284 9300; A hybrid XSS attack (HYXSSA) based on fusion approach: Challenges, threats and implications in cybersecurity; Dragan Korać (University of Banja Luka, Bosnia and Herzegovina; Corresponding author); Boris Damjanović (University of Union Nikola Tesla, Serbia); Dejan Simić (University of Belgrade, FON, Serbia); Kim-Kwang Raymond Choo (University of Texas at San Antonio, San Antonio, TX, USA); http://www.sciencedirect.com/science/article/pii/S1319157822003299; Cross-site scripting (XSS); Fusion; Hybrid XSS attack (HYXSSA); Attack vector; Cybersecurity; Work from home |
title | A hybrid XSS attack (HYXSSA) based on fusion approach: Challenges, threats and implications in cybersecurity |
topic | Cross-site scripting (XSS); Fusion; Hybrid XSS attack (HYXSSA); Attack vector; Cybersecurity; Work from home |
url | http://www.sciencedirect.com/science/article/pii/S1319157822003299 |