Protecting Web Applications from Cross-Site Scripting Attacks

Existence of cross-site scripting (XSS) vulnerability can be traced back to 1995 during early days of Internet penetration. JavaScript, a programming language developed by Netscape, came into being around the same time. The noble intention of this programming language was for designing web applications to be more interactive. However, cyber criminals also learned how to trick users to load malicious scripts into websites, thus allowing them to access confidential data or compromise services. The enormity of such attacks promoted some organizations to engage in monitoring of XSS attacks and researching on new ways to defeat attacks that are similar to XSS worm on MySpace.com social networking site in 2005. The primary Focus in this aper is to try to avoid execution of XSS attacks by providing proper validations and methods to clean the user input from any script tags. XSS attacks can be minimized by proper handling of user input in a web application, which means that’s validating the input provided by the user and stripping it of any of harmful code or tags.