XSS2DENT, Detecting Cross-Site Scripting Attacks (XSS) Vulnerabilities: A Case Study
Abstract:
Based on the OWASP Top 10 Security Risk, Cross-Site Scripting (XSS) attacks rank seventh, according to the latest report released in 2017. To execute this attack, a web application is used to send malicious code, generally in the form of a script on the browser side. To verify the level of vulnerability of educational establishments in Santo Domingo de los Tsachilas city against this threat, a model has been proposed, whose objective is to obtain information by executing a controlled, combined and camouflaged attack in a security cybernetics challenge, distributed through flyers with a QR Code, to students from different areas in the city. With this information, a report was prepared in order to socialize vulnerable establishments, with information that allowed them to review the status of their security infrastructure and establish new blocking rules against this attack. The results indicate that our model was successfully executed in 3 universities. In addition, it is shown how our attack spread beyond the city limits, reaching countries such as Mexico, Argentina, Colombia, among others.
Año de publicación:
2022
Keywords:
- XSS
- Clickjacking
- Zombie
Fuente:
scopus
googleTipo de documento:
Conference Object
Estado:
Acceso restringido
Áreas de conocimiento:
- Software
Áreas temáticas:
- Programación informática, programas, datos, seguridad
- Funcionamiento de bibliotecas y archivos
- Otros problemas y servicios sociales
