A Server Side Solution for Protection of Web Applications from Cross-Site Scripting Attacks

Cross-Site scripting attacks occur when accessing information in intermediate trusted sites. Cross-Site Scripting (XSS) is one of the major problems of any Web application. Web browsers are used in the execution of commands in web pages to enable dynamic Web pages attackers to make use of this feature and to enforce the execution of malicious code in a user’s Web browser. This paper describes the possibilities to filter JavaScript in Web applications in server side protection. Server side solution effectively protects against information leakage from the user’s environment. Cross-Site scripting attacks are easy to execute, but difficult to detect and prevent. The flexibility of HTML encoding techniques, offers the attacker many possibilities for circumventing server-side input filters that should prevent malicious scripts from being injected into trusted sites. Cross site scripting (XSS) attacks are currently the most exploited security problems in modern web applications. These attacks make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input.