In this paper, the great threat of Cross-Site Scripting (XSS) faced by web pages is introduced. Because such web threats affect the design and development of web pages, web developers must be aware of and have adequate knowledge about the various types of web attacks and how to prevent or mitigate them. Web developers should know how attackers attack websites and exploit weak points in websites when users fill in forms, register, or open suspicious links or attachments in emails. The importance of this subject is to provide detailed information about identifying, assessing the impact of, and protecting against these types of web threats. It aims to give both web developers and users enough knowledge, while developing and using websites, to prevent such attacks and reduce their impact. In this paper, PHP functions are used to evaluate the efficiency of web pages in implementing this protection and preventing XSS attacks.
This module aims to construct and maintain the profile of each individual student. It allows the system to understand the different learning needs and capabilities of each individual student. It then uses this information to improve the relevancy of the returned Web search results by selecting the most relevant personalised links. This is achieved by prioritising the links according to each profile. To accomplish this, the module has two functional components: Academic Record Analyser and Behavioural Activity Analyser.
The academic record is used to measure the individual student’s past and present academic performance. This information is derived from the Student MIS. The system also observes the student’s learning behavioural activities through his/her browsing histories and session data.
Replacement is a way to search for dangerous user inputs and then substitute the dangerous code with correct, safe characters.
Removal also finds dangerous inputs but, as opposed to replacement, removes them.
Escaping changes (or marks) the key characters of the data so that it is not interpreted as dangerous code.
Restriction checks user inputs and limits them to non-malicious values.
Early websites were composed of only HTML (static websites) and were restricted in exchanging data. A few years later, when the World Wide Web became commercialized, many server-side languages such as PHP, ASP and JSP, and client-side languages such as JavaScript and VBScript, were invented and made the web much more interactive (dynamic websites). Although websites and web applications have become more usable since these languages and techniques were introduced, web threats and web attackers have also become the biggest issue for web servers, so web designers need to build these components incorporating the applicable criteria that follow.
How XSS happens is stated here. It takes place when a web form receives malicious scripting code that is injected and then delivered to the victim's computer, where the web browser executes it. In the proposed system, secure PHP functions are used to detect and prevent XSS attacks by two methods: the first uses a regular expression to validate the data entered by the user in web forms, and the second uses another regular expression to check and protect every input entry that could contain a malicious script, so that even if an attacker injects XSS script code into an input field, the malicious code is not allowed to execute and is immediately removed. In this work, vulnerable PHP websites were used to assess the efficiency of the proposed system before and after applying it.
For preventing XSS attacks, PHP provides built-in functions such as htmlentities() and htmlspecialchars() that convert characters to HTML entities; these are combined with regular expressions, which make it easier to find, replace and work with strings, as shown in the algorithm. The primary strategy is the AllowList regular expression, which validates by tolerating only expected and trusted user input data, while the DenyList regular expression checks whether the information contains unsuitable data and removes all possible suspicious characters.
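The four input-handling approaches listed earlier (replacement, removal, escaping, restriction) and the AllowList/DenyList regular-expression strategy of the proposed system, shown together as one added PHP example. This is not the paper's code; the field names, the patterns and the sample form values are assumptions constructed for illustration.

```php
<?php
// Added example (not from the paper): the four input-handling approaches
// and the AllowList / DenyList regular-expression checks described in the text.
declare(strict_types=1);

// Restriction (AllowList): accept only the exact character set a field is
// expected to contain; everything else is rejected before it is stored.
function allowListValid(string $field, string $value): bool
{
    // Field names and patterns are assumptions for this example.
    $patterns = [
        'username' => '/\A[A-Za-z0-9_]{3,20}\z/',
        'email'    => '/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/',
        'comment'  => '/\A[A-Za-z0-9 .,!?\'-]{1,500}\z/',
    ];
    return isset($patterns[$field]) && preg_match($patterns[$field], $value) === 1;
}

// DenyList: detect the script-like fragments the text mentions. Useful for
// logging and alerting, but not sufficient on its own, because no list of
// bad patterns is ever complete.
function denyListMatches(string $value): bool
{
    $suspicious = [
        '/<\s*script\b/i',
        '/<\s*\/?\s*(iframe|object|embed|svg)\b/i',
        '/\bon[a-z]+\s*=/i',   // inline event-handler attributes
        '/javascript\s*:/i',
    ];
    foreach ($suspicious as $re) {
        if (preg_match($re, $value) === 1) {
            return true;
        }
    }
    return false;
}

// Removal: strip whole <script>...</script> blocks and any remaining tag.
// Removal alters the user's data and is fragile against malformed markup,
// so it complements escaping rather than replacing it.
function removeMarkup(string $value): string
{
    $value = preg_replace('#<\s*script\b[^>]*>.*?<\s*/\s*script\s*>#is', '', $value) ?? '';
    return strip_tags($value);
}

// Replacement: substitute the characters that carry meaning in HTML with
// harmless stand-ins instead of deleting them.
function replaceDangerous(string $value): string
{
    return str_replace(['<', '>', '"', "'"], ['[', ']', '', ''], $value);
}

// Escaping: the primary defence. Convert the key characters to HTML entities
// immediately before output into an HTML body or attribute context.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample form submission (not real data).
$form = [
    'username' => 'alice_01',
    'email'    => 'alice@example.com',
    'comment'  => 'Nice page! <script>alert(1)</script>',
];

foreach ($form as $field => $value) {
    $status = allowListValid($field, $value) ? 'accepted' : 'rejected';
    $flag   = denyListMatches($value) ? ' (suspicious pattern logged)' : '';
    echo "$field: $status$flag\n";
}

// Whatever was stored, output is always escaped.
echo 'Rendered safely:   ' . escapeForHtml($form['comment']) . "\n";
echo 'After removal:     ' . removeMarkup($form['comment']) . "\n";
echo 'After replacement: ' . replaceDangerous($form['comment']) . "\n";
```

Running the script accepts the username and email, rejects the comment (the AllowList pattern excludes angle brackets) and logs the DenyList hit; the escaped rendering shows the script tag as literal `&lt;script&gt;` text, while removal and replacement show how each approach changes the stored value. The validation step decides what is stored; the escaping step protects every output regardless of that decision, which is why it is applied unconditionally.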
In this paper, XSS threats, their principles, aspects, dangers and types are presented. Nowadays, XSS counts as one of the prime threats to web applications. There are three types of XSS: stored XSS, reflected XSS and DOM-based XSS. XSS is also simply known as a "script injection attack". Web developers must be aware of how attackers attack websites and take advantage of weak points in websites during form filling, logging in and opening suspicious links or attachments in emails.
This paper presented several types of regular expression (RG) that can be used to find threats. In the first step, Cross-Site Scripting (XSS) was introduced, the level of risk and the main aspects of preventing and detecting this common threat were explained, and a system was proposed to protect a web page when an attacker tries to run malicious code in the victim's browser. As a next step, we will try to develop a tool or browser extension to automatically detect and prevent malicious code from running in web forms.