Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures

Social network usage has increased exponentially in recent years. Platforms like Facebook, Twitter, Google+, LinkedIn and Instagram, not only facilitate sharing of personal data but also connect people professionally. However, development of these platforms with more enhanced features like HTML5, CSS, XHTML and Java Script expose these sites to various vulnerabilities that may be the root cause of various threats. Therefore, social networking sites have become an attack surface for various cyber-attacks such as XSS attack and SQL Injection. Numerous defensive techniques have been proposed, yet with technology up-gradation current scenarios demand for more efficient and robust solutions.

Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures is a comprehensive source which provides an overview of web-based vulnerabilities and explores XSS attack in detail. This book provides a detailed overview of the XSS attack; its classification, recent incidences on various web applications, and impacts of the XSS attack on the target victim. This book addresses the main contributions of various researchers in XSS domain. It provides in-depth analysis of these methods along with their comparative study. The main focus is a novel framework which is based on Clustering and Context based sanitization approach to protect against XSS attack on social network. The implementation details conclude that it is an effective technique to thwart XSS attack. The open challenges and future research direction discussed in this book will help further to the academic researchers and industry specific persons in the domain of security.

社交網絡的使用在近年來呈指數級增長。像是Facebook、Twitter、Google+、LinkedIn和Instagram等平台，不僅方便個人數據的分享，也能在專業上連結人們。然而，這些平台的發展，如HTML5、CSS、XHTML和JavaScript等更強大的功能，也使得這些網站容易受到各種漏洞的攻擊，這可能是各種威脅的根源。因此，社交網絡站點已成為各種網絡攻擊（如XSS攻擊和SQL注入）的攻擊面。雖然已提出了許多防禦技術，但隨著技術的升級，目前的情況需要更高效和強大的解決方案。

《跨站腳本攻擊：分類、攻擊和對策》是一本全面的資料來源，提供了網絡漏洞的概述，並詳細探討了XSS攻擊。本書詳細介紹了XSS攻擊的分類，以及對各種網絡應用程序的最新事件和對目標受害者的XSS攻擊的影響。本書還介紹了各種研究人員在XSS領域的主要貢獻。它深入分析了這些方法，並進行了比較研究。主要關注的是一個基於聚類和基於上下文的淨化方法的新框架，以保護社交網絡免受XSS攻擊。實施細節結論表明，這是一種有效的技術來阻止XSS攻擊。本書討論的開放挑戰和未來研究方向將有助於學術研究人員和行業特定人士在安全領域的進一步研究。

B. B. Gupta received PhD degree from Indian Institute of Technology Roorkee, India in the area of Information and Cyber Security. He published more than 200 research papers in International Journals and Conferences of high repute including IEEE, Elsevier, ACM, Springer, Wiley, Taylor & Francis, Inderscience, etc. He has visited several countries, i.e. Canada, Japan, USA, UK, Malaysia, Australia, Thailand, China, Hong-Kong, Italy, Spain etc to present his research work. His biography was selected and published in the 30th Edition of Marquis Who's Who in the World, 2012. Dr. Gupta also received Young Faculty research fellowship award from Ministry of Electronics and Information Technology, Government of India in 2018. He is also working as principal investigator of various R&D projects. He is serving as associate editor of IEEE Access, IEEE TII, and Executive editor of IJITCA, Inderscience, respectively. At present, Dr. Gupta is working as Assistant Professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra India. His research interest includes Information security, Cyber Security, Mobile security, Cloud Computing, Web security, Intrusion detection and Phishing.

Pooja Chaudhary is currently pursuing her PhD Degree from National Institute of Technology (NIT), Kurukshetra, Haryana, India, in Information and Cyber Security area. She has completed her Master of Technology (M.Tech) degree in area of Cyber Security from National Institute of Technology (NIT), kurukshetra, Haryana, India. She has received her B.Tech degree in Computer Science and Engineering from Bharat Institute of Technology, Meerut, India, affiliated to Uttar Pradesh Technical University. Her areas of interest include Online Social Network (OSN) security, Big data analysis and security, Database security and cyber security, and Internet of Security (IoT) Security. She has published a number of research papers with various reputed publishers, i.e. IEEE, Springer, Wiley, Inderscience and so on.

B. B. Gupta在印度羅爾基爾科技學院獲得了資訊與網路安全領域的博士學位。他在國際知名期刊和會議上發表了200多篇研究論文，包括IEEE、Elsevier、ACM、Springer、Wiley、Taylor & Francis、Inderscience等。他曾訪問過加拿大、日本、美國、英國、馬來西亞、澳大利亞、泰國、中國、香港、意大利、西班牙等多個國家，展示他的研究成果。他的傳記被選為2012年《世界名人錄》第30版中的一部分。2018年，Gupta博士還獲得了印度電子與信息技術部頒發的青年教師研究獎。他還擔任多個研發項目的首席調查員。他分別擔任IEEE Access、IEEE TII的副編輯和IJITCA的執行編輯。目前，Gupta博士在印度國家技術研究所庫魯克薛特拉分校的計算機工程系擔任助理教授。他的研究興趣包括信息安全、網絡安全、移動安全、雲計算、網絡安全、入侵檢測和釣魚等領域。

Pooja Chaudhary目前在印度哈里亞納邦庫魯克薛特拉國立技術研究所攻讀資訊與網路安全領域的博士學位。她在印度哈里亞納邦庫魯克薛特拉國立技術研究所完成了資訊與網路安全領域的碩士學位。她在印度北方邦技術大學附屬的巴拉特技術學院獲得了計算機科學與工程的學士學位。她的研究興趣包括在線社交網絡安全、大數據分析和安全、數據庫安全和網絡安全、以及物聯網安全。她已經在多個知名出版商，如IEEE、Springer、Wiley、Inderscience等發表了多篇研究論文。