Portal de Periódicos da CAPES

Current state of research on cross-site scripting (XSS) – A systematic literature review

2014; Elsevier BV; Volume: 58; Linguagem: Inglês

10.1016/j.infsof.2014.07.010

1873-6025

Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil, Novia Admodisastro,

Information and Cyber Security

Cross-site scripting (XSS) is a security vulnerability that affects web applications. It occurs due to improper or lack of sanitization of user inputs. The security vulnerability caused many problems for users and server applications. To conduct a systematic literature review on the studies done on XSS vulnerabilities and attacks. We followed the standard guidelines for systematic literature review as documented by Barbara Kitchenham and reviewed a total of 115 studies related to cross-site scripting from various journals and conference proceedings. Research on XSS is still very active with publications across many conference proceedings and journals. Attack prevention and vulnerability detection are the areas focused on by most of the studies. Dynamic analysis techniques form the majority among the solutions proposed by the various studies. The type of XSS addressed the most is reflected XSS. XSS still remains a big problem for web applications, despite the bulk of solutions provided so far. There is no single solution that can effectively mitigate XSS attacks. More research is needed in the area of vulnerability removal from the source code of the applications before deployment.