Abstract

Several works are in progress in the direction of web communication. The major threats are content sniffing, Cross-Site Scripting (XSS) and SQL Injection attacks. In content sniffing data is altered from any unauthorized script. XSS is a variant of this where malicious programs/scripts are executed from the client node for fake presence and steals the data. In SQL injection malicious SQL statements are inserted to monitor the database from the outside environment. The main aim of this paper is to detect the XSS attack and prevent the data from the final alteration. For this we are considering two types of time evaluation. First time is time to translating JSP script to java programs for data sending which is called C-Time and second time is for identification of vulnerable outputs that is called E-Time. Based on the timing comparison we will prove that our methodology has better detection in comparison to the traditional system.

Keyword

Content sniffing, XSS, SQL Injection, C-Time, E-Time.

Cite this article

Refference