With improvements in computing and technological advancements, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious code into web applications from untrusted sources. Interestingly, recent research studies on web application security focus on attack prevention and mechanisms for secure coding; recent methods for those attacks not only generate high false positives but also give little consideration to the users, who are often the victims of malicious attacks. Motivated by this problem, this paper describes an "intelligent" tool for detecting cross-site scripting flaws in web applications. This paper describes the method, implemented based on fuzzy logic, to detect classic XSS weaknesses and provides some results of experiments. Our detection framework recorded a 15% improvement in accuracy and a 0.01% reduction in the false-positive rate, which is considerably lower than that found in the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.