Current state of research on cross-site scripting (XSS) – a systematic literature review

Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature review on...

Bibliographic Details
Main Authors: Hydara, Isatou; Md Sultan, Abu Bakar; Zulzalil, Hazura; Admodisastro, Novia Indriaty
Format: Article
Language: English
Published: Elsevier 2015
Online Access: http://psasir.upm.edu.my/id/eprint/36950/1/Current%20state%20of%20research%20on%20cross.pdf
collection UPM
description Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. Objective: To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks. Method: We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings. Results: Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS. Conclusion: XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment.
first_indexed 2024-03-06T08:36:51Z
id upm.eprints-36950
institution Universiti Putra Malaysia
last_indexed 2024-03-06T08:36:51Z
record upm.eprints-36950 2015-09-10T03:12:38Z http://psasir.upm.edu.my/id/eprint/36950/
published Elsevier 2015-02 Article PeerReviewed application/pdf en
citation Hydara, Isatou and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia Indriaty (2015) Current state of research on cross-site scripting (XSS) – a systematic literature review. Information and Software Technology, 58. pp. 170-186. ISSN 0950-5849; ESSN: 1873-6025
http://www.sciencedirect.com/science/article/pii/S0950584914001700
10.1016/j.infsof.2014.07.010