5 research outputs found

    Storage Security and Predictable Folder Structures in Cloud Computing

    The open nature of the HTML content and URLs used to access other resources used to render the page leaves the folder structure and location of those files vulnerable to robots, external hackers and malicious insider attacks, typically referred to as XSS attack. A malicious user can study the HTML structure and find out the pattern or folder structure of stored files and, with the help of robots or crawlers, can try to access the rest of the files residing there on the server irrespective of whether he was or was not authorized to get them and could use those files file vary from simple ones based on is only the resources are stolen from the web page content or the directories are crawled and all the resources from those locations are accessed, listed or used. XSS attack is easy to be launched with little effort while its damage is severe in case of cloud

    Security Techniques and Solutions for Preventing the Cross-Site Scripting Web Vulnerabilities: A General Approach

    The growth of social networking sites across the World Wide Web is directly proportional to the complex user-created HTML content, and this habit is rapidly becoming the norm rather than the exception. Complex user-created web messages are a threat for cross-site scripting (XSS) attacks that hit various websites and confidential user data. In this state, processes that prevent web applications to XSS attacks have been of recent interest for researchers. Most of the web applications and confidential user data have security problems with XSS attacks. Using this method, an attacker embeds his malicious script into the application’s output. This contaminated response of the server is sent to a user’s web browser, where it is executed and the user’s sensitive data is transmitted to a third party. Recently, XSS attacks have been prevented on the server side by thoroughly examining, filtering and removing malicious content inserted by the hacker. For social networking sites the criticality of XSS attacks gets even higher because the hackers can try more socially engineered attacks where the target user can be fooled into thinking that an attack link is coming from his ‘friend’. The presented solution focuses on prevention techniques for cross-site (XSS) attacks both on the server side and on the client side by keeping track of all user requests and information. We have also discussed various recent XSS attacks in the real world and have done an analysis of why filtering mechanisms are so abortive and are failing in defending against these attacks.

    Approaches to detect SQL injection and XSS in web applications

    We are increasingly relying on the web, accessing important information as well as transmitting data through it. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Billions of transactions are performed online with the help of various kinds of web applications. In almost all of them the user is authenticated before being provided access to the backend database for storing all the information. In this whole scenario a well-designed injection can provide access to malicious or unauthorized users, mostly achieved through SQL injection and cross-site scripting (XSS). In this paper we are going to provide a detailed survey of various kinds of SQL injection, XSS attacks and approaches to detect and prevent them. Furthermore, we are also going to provide a comparative analysis of different approaches against these attacks. And then we are also going to present our findings and note down future expectations and expected development of countermeasures against these attacks.

    Prevention of Cross-Site Scripting Attacks on Current Web Applications

    No full text
    Security is becoming one of the major concerns for web applications and other Internet-based services, which are becoming pervasive in all kinds of business models and organizations. Web applications must therefore include, in addition to the expected value offered to their users, reliable mechanisms to ensure their security. In this paper, we focus on the specific problem of preventing cross-site scripting attacks against web applications. We present a study of this kind of attack, and survey current approaches for their prevention. The advantages and limitations of each proposal are discussed, and an alternative solution is introduced. Our proposition is based on the use of X.509 certificates, and XACML for the expression of authorization policies. By using our solution, developers and/or administrators of a given web application can specifically express its security requirements from the server side, and require the proper enforcement of such requirements on a compliant client. This strategy is seamlessly integrated in generic web applications by relaying in the SSL and secure redirect calls.