Preventing Client-Side Attack in Web Applications Through Web Services

Cross-Site Scripting (XSS) is a prominent threat in web based application caused through a malicious input to the application. It is a type of Client-side attack which targets on the vulnerable areas in the web applications by interacting with malicious server or data. In Cross-Site Scripting (XSS) an attacker can inject malicious scripting code into the input or the header of the application. The injected malicious scripting code will be executed and reveals sensitive information to the attacker. In order to prevent cross-site scripting, we have proposed a web service based detection and prevention mechanism by verifying the user request and response. To implement our mechanism every request and response will be fetched through servlet filter and it will be analysed to check the presence of any malicious injected script. The identification of the malicious script is by constructing a graph with the input of user request and server response of the application. If any malicious script is found that will be replaced with equivalent entity character reference to prevent XSS attack. As a result, the user has an additional protection layer when performing online commercial activities without solely depending on the security of the web application.