Preventing Cross Site Scripting Attacks in Websites

摘要

Cross-Site Scripting attacks (XSS) is one type of the computer security breaches that attacker uses web application to inject his malicious code. It enables attacker to inject scripting code that executes in the browser and view by other users where attacker steal cookies from account of users and access the sensitive information in the web application. In this attack, the malicious scripting is injected that may make the website under the control of attacker. There are solutions to these attacks on the levels of client-side and server-side which can complete each other?s to provide protection for the website and web applications to prevent malicious scripts from being implemented. In this study, we clearly show and simulate how the cross site scripting disturbs the website and how to put method to prevent this vulnerability. Stored XSS attacks and Reflected XSS attacks are prevented using the encoding and filtering input. The proposed method is tested in many web site in client side and server side.