UPM Institutional Repository

Current state of research on cross-site scripting (XSS) – a systematic literature review


Citation

Hydara, Isatou and Md Sultan, Abu Bakar and Zulzalil, Hazura and Admodisastro, Novia Indriaty (2015) Current state of research on cross-site scripting (XSS) – a systematic literature review. Information and Software Technology, 58. pp. 170-186. ISSN 0950-5849; ESSN: 1873-6025

Abstract

Context: Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications.

Objective: To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks.

Method: We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings.

Results: Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS.

Conclusion: XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment.


Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.1016/j.infsof.2014.07.010
Publisher: Elsevier
Keywords: Systematic literature review; Cross-site scripting; Security; Web applications
Depositing User: Nabilah Mustapa
Date Deposited: 25 Jul 2015 03:27
Last Modified: 10 Sep 2015 03:12
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.1016/j.infsof.2014.07.010
URI: http://psasir.upm.edu.my/id/eprint/36950