Regresar

DataCookie: Sorting Cookies Using Data Mining for Prevention of Cross-Site Scripting (XSS)

Abstract:

Cross-Site Scripting (XSS) is a vulnerability in web applications; it allows the injection of scripts or malicious code to steal user sessions and cookies or bkp_redirect users to malicious sites. According to OWASP, it is included in the category of injections; it is part of the top 10 most frequent vulnerabilities in web applications in 2021. This study presents DataCookie, a model based on the data mining methodology, CRISP-DM, whose objective is to analyze cookies through decision trees. As a result, we developed in Python a script to classify the new cookies according to the rules obtained from the selected decision tree. This classification revealed that 2.19% of the websites visited by users of a public institution on a business day contain XSS vulnerabilities.

Año de publicación:

2022

Keywords:

    Fuente:

    googlegoogle

    Tipo de documento:

    Other

    Estado:

    Acceso abierto

    Áreas de conocimiento:

    • Minería de datos
    • Ciencias de la computación

    Áreas temáticas:

    • Programación informática, programas, datos, seguridad

    Contribuidores:

    Eduardo Benavides-AstudilloEduardo Benavides-Astudillo
    Germán Rodríguez-GalánGermán Rodríguez-Galán