Detecting and eradicating XSS (cross-site scripting) vulnerability in asp.net web applications

Abstract

Web Applications are subjected to a variety of security attacks nowadays. Hence, apart from the aspects like design, accessibility of web applications which are considered as vital for the sustainability and effectiveness of them, the security aspect is also equally important. Cross-site scripting (XSS) is one such type of malicious attack on Web applications. The attacks are in the form of injections where harmful scripts are injected into otherwise trusted websites and occurs when the attacker uses a web application to send malicious code to a different end user. The end user’s browser generally does not have any way to know that the source script is not trustworthy and hence executes the script. Because the browser thinks that the source of the script is trusted, the script can access any cookies, session tokens or sensitive information retained by the browser. Also, these scripts even have the capability to rewrite the contents of an HTML page. So, the covert nature of these types of attack as well as the damage they caninduce has led to a number of studies on this subject, that is cross-site scripting (XSS).