NORMA eResearch @NCI Library

Hybrid Detection of Cross-Site Scripting (XSS) Vulnerabilities in Web Applications

Anandhakumar, Yogesh (2024) Hybrid Detection of Cross-Site Scripting (XSS) Vulnerabilities in Web Applications. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 1MB
PDF (Configuration Manual), 1MB

Abstract

Cross-Site Scripting (XSS) is a web application vulnerability by which attackers can inject malicious JavaScript into the system, leading to account takeover, session hijacking, or cookie stealing, among other issues. To address this, the research introduces a novel hybrid XSS detection approach and its implementation in the form of a tool named XSSFind. This tool integrates Static Application Security Testing with Dynamic Application Security Testing methodologies through white-box and black-box testing techniques to improve the discovery rate of cross-site scripting vulnerabilities. This work was motivated by existing tools that rely on either static or dynamic analysis but cannot provide comprehensive coverage. XSSFind offers the strengths of both static and dynamic approaches, detecting vulnerabilities at both the code level and the runtime level, thereby enabling a comprehensive security assessment. Results show that these combined approaches gave the required results in terms of finding actual XSS vulnerabilities, making them a promising addition to the web security community. The findings further suggest directions for future improvement, such as extending payload libraries and detection models based on machine learning.

Item Type: Thesis (Masters)
Supervisors:
Name: Mahajan, Kamil
Email: UNSPECIFIED
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 17 Jul 2025 14:39
Last Modified: 17 Jul 2025 14:39
URI: https://norma.ncirl.ie/id/eprint/8170
