
XSS Vulnerability Scanner

A Major Project Report

submitted in partial fulfillment of the


requirements for the award of the degree
of
BACHELOR OF TECHNOLOGY
in
COMPUTER ENGINEERING

Submitted By,

Vivek Gupta [B214106]


Varun Dangri [B214114]
Roshan Ghosalkar [B214022]

Payal Warade [B214096]

Under Guidance of,


Prof. Ashwini Mane

SCHOOL OF COMPUTER ENGINEERING AND TECHNOLOGY

Alandi (D), Pune – 412105, Maharashtra (INDIA)

MAY 2022

CERTIFICATE

This is hereby certified that the work which is being presented in the B.Tech. Major
Project Report entitled "XSS Vulnerability Scanner", in partial fulfillment of the
requirements for the award of the Bachelor of Technology in Computer Engineering
and submitted to the School of Computer Engineering & Technology of MIT
Academy of Engineering, Alandi(D), Pune is an authentic record of work carried out
during an Academic Year 2021-2022, under the supervision of Prof. Ashwini Mane,
School of Computer Engineering & Technology.

Varun Dangri PRN No. 0120180554 Exam Seat No. B214114


Vivek Gupta PRN No. 0120180525 Exam Seat No. B214106
Payal Warade PRN No. 0120180502 Exam Seat No. B214096
Roshan Ghosalkar PRN No. 0120180127 Exam Seat No. B214022

Date:

Signature of Project Guide
Project Guide,
School of Computer Engineering and Technology, MIT AOE, Alandi(D), Pune

Signature of School Dean
Dean,
School of Comp. Engg & Technology, MIT AOE, Alandi(D), Pune

Signature of External Examiner/s
Name:
Affiliation:

Signature of Director
Director,
MIT AOE, Alandi(D), Pune
Abstract
Developers usually take on the role of penetration tester to ensure security. With the
exponential growth in digital business and in hacking attempts over the years, better
technology is needed. Here we present an automated vulnerability scanner that scans
automatically rather than manually. Automated scanners are used in business to detect
security threats. They make the work easy and time-efficient, and can test hundreds of
apps within an hour. Over a long period of time, XSS remains the most common
website/application vulnerability. Cross-site scripting, also called XSS, is a web
security vulnerability that allows the attacker to gain control over the interactions
that users have with a vulnerable website/application. The attacker aims to execute
scripts in a victim's browser by including malicious code in normal web pages. These
attacks are quite common in vulnerable websites/applications that accept input from
the user. In an XSS attack, the attacker exploits the website to steal user credentials
and personal data, and can change the data that reaches the victim's browser, which
causes the user to download malware. A cross-site scripting vulnerability scanner is
needed to identify all types of cross-site scripting (XSS) vulnerabilities and to protect
businesses and their assets.
Acknowledgment

We want to express our gratitude towards our respected project guide Prof. Ashwini
Mane under whom we have carried our project work. Her constant encouragement
and valuable guidance during the project work encouraged us with the constant flow
of energy to continue the work. We would like to express our gratitude towards our
guide Prof. Bhagyashree Alhat for their kind cooperation and encouragement which
helped us in the completion of this project. We would like to express our special
gratitude and thanks to industry persons for giving us such attention and time. We
also want to express our gratitude towards respected School Dean Prof. Ranjana
Badre for her continuous encouragement. We would be failing in our duty if we do
not thank all the other staff and faculty members for their experienced advice and
evergreen co-operation.

Roshan Ghosalkar
Varun Dangri
Vivek Gupta
Payal Warade

Contents

Abstract
Acknowledgement

1 Introduction
  1.1 Introduction
  1.2 Background
  1.3 Project Idea
  1.4 Proposed Solution

2 Literature Review
  2.1 Related work And State of the Art
  2.2 Limitation of State of the Art techniques

3 Problem Definition and Scope
  3.1 Problem statement
  3.2 Goals and Objectives

4 Systems Analysis and Design
  4.1 Specific Requirements
  4.2 System Analysis

5 Methodology

6 Implementation
  6.1 System Implementation
  6.2 Aggregation of Rules and Defuzzification
  6.3 Programming Implementation

7 Performance Analysis

8 Conclusion & Future Work

Bibliography
Chapter 1

Introduction
1.1 Introduction

XSS vulnerability scanners are mostly used to detect security threats early, to discover
unauthorized devices, to identify a host of issues, and to verify network devices and inventory.
This includes vulnerabilities that hackers can exploit to penetrate our network, malware that has
already infiltrated the network, and threats posed by employees, contractors and any insiders.
Types of cross-site scripting such as XSS, DOM XSS and persistent XSS are detected automatically
by the XSS vulnerability scanner. A vulnerability scanner is a computer program designed to
assess computers, networks and other applications for known weaknesses. The weaknesses of a
system are discovered by this type of scanner. In simple words, a vulnerability is a potential
security weakness that hackers can exploit and take advantage of. Hackers cause downtime or loss
of control of the system when they exploit the weakness. Cross-site scripting is a well-known web
security vulnerability. It involves the misuse of input validation errors with the intention of
injecting script code that is later executed in a victim's web browser. One of the most interesting
ways to prevent this type of risk is the use of vulnerability scanners. An XSS vulnerability allows
the attacker to bypass the same-origin policy, which was designed to separate different websites
from one another. Cookie theft, temporary website defacement, injection of malicious content and
reading of sensitive page information are among the wide range of risks that victims face through
cross-site scripting. The scan operation has two steps:

1. Target detection: in this first step, the tool identifies all the places on the page where input
can be injected, including injectable parameters in forms, URLs, headers, etc.
2. The tool injects a piece of JavaScript code that includes some special HTML characters and
checks whether they are returned in the response page without sanitization.

Therefore, vulnerability scanners are important in identifying weaknesses that bad actors can use
to compromise systems and data.

1.2 Background

1. The XSS vulnerability scanner automatically detects any type of cross-site scripting
vulnerability, including blind and reflected XSS, DOM XSS and persistent XSS.
2. Cross-Site Scripting (XSS) is one of the most well-known web application vulnerabilities.
3. The scanner gets a link from the user and scans the website for XSS vulnerabilities by injecting
malicious scripts at the input points.
It works in two steps:

○ Find the target: In this first step, the tool tries to identify all the places on the page including
injectable parameters in forms, URLs, headers, etc.
○ The tool injects a piece of JavaScript code, including some special HTML characters (>, <, ", ')
and it will try to see if they are returned in the response page without sanitization.
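
The second step above, reduced to its output-encoding check, as an added example (not code from this project): given a response body that should echo a probe, it reports for each of the four special characters whether it came back raw, entity-encoded, removed or altered. The marker `zq7x`, the function names and the sample responses are constructed for illustration.

```javascript
// Added example, not the project's code. Checks how a page treats the four
// special HTML characters when it echoes a probe back in its response.
const SPECIALS = ["<", ">", '"', "'"];

// Entity spellings that count as "encoded" (compared case-insensitively).
const ENTITY_FORMS = {
  "<": ["&lt;", "&#60;", "&#x3c;"],
  ">": ["&gt;", "&#62;", "&#x3e;"],
  '"': ["&quot;", "&#34;", "&#x22;"],
  "'": ["&#39;", "&#x27;", "&apos;"],
};

// When the probe is reflected in several places, the worst outcome wins.
const SEVERITY = { "not reflected": 0, removed: 1, encoded: 2, altered: 3, raw: 4 };

// Probe layout: marker < marker > marker " marker ' marker
function buildProbe(marker) {
  return marker + SPECIALS.join(marker) + marker;
}

function classifySegment(ch, segment) {
  if (segment === ch) return "raw";
  if (segment === "") return "removed";
  if (ENTITY_FORMS[ch].includes(segment.toLowerCase())) return "encoded";
  return "altered"; // e.g. backslash-escaped or double-encoded: review by hand
}

function classifyReflection(body, marker) {
  if (!/^[A-Za-z0-9]+$/.test(marker)) throw new Error("marker must be alphanumeric");
  const result = Object.fromEntries(SPECIALS.map((ch) => [ch, "not reflected"]));
  const seg = "([\\s\\S]{0,12}?)"; // whatever the page put between two markers
  const re = new RegExp(marker + SPECIALS.map(() => seg + marker).join(""), "g");
  for (const m of body.matchAll(re)) {
    SPECIALS.forEach((ch, i) => {
      const verdict = classifySegment(ch, m[i + 1]);
      if (SEVERITY[verdict] > SEVERITY[result[ch]]) result[ch] = verdict;
    });
  }
  return result;
}

// Characters that reached the page unescaped in at least one reflection.
function unescapedCharacters(body, marker) {
  const verdicts = classifyReflection(body, marker);
  return SPECIALS.filter((ch) => verdicts[ch] === "raw");
}

// Constructed sample responses.
const MARKER = "zq7x";
const ENCODED_PAGE = `<p>Results for zq7x&lt;zq7x&gt;zq7x&quot;zq7x&#39;zq7x</p>`;
// Same page, but the value is also echoed into an attribute where only the
// angle brackets are encoded.
const ATTRIBUTE_PAGE = ENCODED_PAGE +
  `<input name="q" value='zq7x&lt;zq7x&gt;zq7x"zq7x'zq7x'>`;
const STATIC_PAGE = `<p>No results.</p>`;

console.log(classifyReflection(ENCODED_PAGE, MARKER));
console.log(classifyReflection(ATTRIBUTE_PAGE, MARKER));
console.log(unescapedCharacters(ATTRIBUTE_PAGE, MARKER));
```

The second sample shows why every reflection has to be checked: the same input is encoded in the page body and still arrives with raw quotes inside an attribute value.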

1.3 Project Idea

In this project we build an XSS vulnerability scanner that scans a website for
vulnerabilities through its source link and lets us know whether the website is
vulnerable or not.

1.4 Proposed Solution


We have already identified the existing solution to the problem statement. When irrational
thinking involves solving a problem well.

1.4.1 Detecting XSS attack


We address the detection of any XSS or redirect risks that may be triggered by using a
malformed URL to deliver incorrect data into web pages (both statically and dynamically
generated). Malicious data included in any program API can make the application
vulnerable to XSS attacks by hackers.
There are seven ways to introduce XSS vulnerabilities into web applications:

Steps   Process
X1      document.location
X2      document.referrer
X3      document.location.href
X4      window.location
X5      document.cookie
X6      document.URLUnencoded
X7      location.header
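
One way to turn the seven entries above into measurable inputs, as an added example (not code from this project): it counts references to X1..X7 inside a page's inline scripts and scales the counts into the range 0 to 1. The function names, the cap of 4 and the sample page are constructed assumptions.

```javascript
// Added example, not the project's code. Counts references to the seven DOM
// sources X1..X7 from the table above inside a page's inline scripts.
const DOM_SOURCES = [
  ["X1", "document.location"],
  ["X2", "document.referrer"],
  ["X3", "document.location.href"],
  ["X4", "window.location"],
  ["X5", "document.cookie"],
  ["X6", "document.URLUnencoded"],
  ["X7", "location.header"],
];

// Pull out the bodies of inline <script> elements. A regex is enough for this
// sketch; a production scanner would use an HTML parser and also follow
// external script files.
function extractInlineScripts(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  return scripts;
}

// One alternation, longest name first, so "document.location.href" counts as
// X3 and not also as X1. The look-arounds stop "mydocument.location" and
// "document.locationBar" from matching.
function buildSourceRegex() {
  const alternation = DOM_SOURCES.map(([, name]) => name)
    .sort((a, b) => b.length - a.length)
    .map((name) => name.replace(/[.$]/g, "\\$&"))
    .join("|");
  return new RegExp(`(?<![\\w$])(?:${alternation})(?![\\w$])`, "g");
}

// The match is lexical: names inside comments or string literals count too.
function countDomSources(html) {
  const idByName = new Map(DOM_SOURCES.map(([id, name]) => [name, id]));
  const counts = Object.fromEntries(DOM_SOURCES.map(([id]) => [id, 0]));
  const re = buildSourceRegex();
  for (const script of extractInlineScripts(html)) {
    for (const m of script.matchAll(re)) counts[idByName.get(m[0])] += 1;
  }
  return counts;
}

// Scale raw counts into [0, 1]; the cap of 4 references is an assumption.
function normalizeCounts(counts, cap = 4) {
  return Object.fromEntries(
    Object.entries(counts).map(([id, n]) => [id, Math.min(n, cap) / cap]));
}

// Constructed sample page.
const SAMPLE_PAGE = `
<html><body>
<script>
  var back = document.referrer;
  var here = document.location.href;
  document.getElementById("crumb").innerHTML = here + back;
  if (window.location.hash) { render(window.location.hash); }
  var mydocument = {}; mydocument.location = 1;
</script>
<p>document.cookie is mentioned here in text, not in a script.</p>
<script>var sid = document.cookie.split(";")[0]; var loc = document.location;</script>
</body></html>`;

console.log(countDomSources(SAMPLE_PAGE));
console.log(normalizeCounts(countDomSources(SAMPLE_PAGE)));
```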

Chapter 2

Literature Review
2.1 Related work And State of the Art

Cross-site scripting is a type of security threat that researchers have addressed in a variety of ways.
Existing methods start with design methods, which help web developers to prevent XSS
attacks. In addition, detection tools detect XSS vulnerabilities on specific websites or applications.
A good solution is to use design methods that take into account the security features of
the web application [3]. Black-box vulnerability scanners are widely used in industry to reproduce
XSS attacks automatically. Drawing on the technical experience and advances of previous
work, it was shown that black-box scanners miss overlooked vulnerable areas and report existing
vulnerabilities that are unusable or uninteresting.
The paper [2] proposes the blocking of cross-site scripting and SQL injection in web applications.
Different types of vulnerabilities were successfully identified using a specific algorithm.
Stored XSS may not show up immediately. This is an additional challenge in detecting stored XSS
vulnerabilities, especially for black-box scanners [4].
From a comparative analysis with previous work, it is noted that the proposed
method outperforms previous web vulnerability scanners in accuracy, vulnerability detection and
false rate [5].
In paper [1], a service-based architecture prevents XSS attacks on web applications
regardless of the language and platform they are developed in, using XML and XSD to validate user
inputs via XML documents.

The research paper [6] introduced the implementation of a multi-agent system that allows
three different agents to operate separately.
The paper [7] proposes a genetic-algorithm-based solution to detect and remove XSS attacks on web
applications. It uses GA (Genetic Algorithm) operators to detect and remove XSS vulnerabilities of
all three types.
One well-known pattern-matching algorithm is the Boyer-Moore string matching algorithm [8].
This method compares the characters of the pattern with the characters of the text from right to
left using two heuristics. Excessive risk to fulfill the conditions you want.
Researchers have proposed client-side XSS solutions [10]. Many server-side blocking methods
include static or dynamic code analysis to detect vulnerabilities, proxy-based filters, XSS
filter-based solutions, and machine learning (ML).
They suggested a hybrid solution to prevent XSS attacks.

The objectives of this study [9] are:

● Improving understanding of the many risks of XSS attacks.
● Identifying and comparing potential defense mechanisms.
● Identifying solutions or effective ways to prevent exploitation through XSS attacks.
● Summary of best practice solutions and recommendations based on the risks assessed.
● Risks and impacts associated with XSS attacks.
● Exploitation and risk recovery of XSS.
● Creating simulated XSS attacks on a XAMPP system.

The paper [12] considered different types of attacks such as defacement, cookie stealing, session
hijacking and denial of service, and uses the SDLC phases to minimize XSS attacks.
Techniques and tools include sanitization, input validation, web proxy, Browser-Enforced Embedded
Policies (BEEP), Saner, deDacota, NOXES etc. [11]. To detect XSS, Jevitha uses a
machine learning algorithm to prevent XSS attacks:
● AppShield firewall tool (blocking on the server side)
● NOXES (blocking on the client side)
● Saner Tool (both)
In the paper [13], the authors introduced the D-WAV tool to detect the vulnerabilities of web
applications based on an analysis of the characteristics of web forms. According to their empirical
research, the tool can quickly and automatically detect the vulnerabilities of a web system and can
significantly reduce test costs.
The paper [14] discusses the classification of XSS vulnerabilities and identifies specific ways of
exploitation. It presents a comprehensive study of the latest research on XSS detection methods,
dividing these methods into three types: static analysis, dynamic analysis, and hybrid analysis. The
methods discussed in the paper have their pros and cons, and to date none of them is a perfect
solution. In addition to detection, another method is to prevent the injection of the attack
vector. Neural networks are good at extracting features from data, and can detect hidden
information in data.
The paper [15] developed an automated vulnerability scanner for injection attacks. The
authors used a system that automatically analyzes websites for the purpose of finding exploitable
SQL injection and XSS vulnerabilities. It was able to locate many potentially vulnerable websites.
The paper [16] introduces a method and a vulnerability assessment tool based on symbolic code
execution using static taint analysis to improve the efficiency of the analysis. The tool targets PHP
web applications, and demonstrates the effectiveness of our approach in identifying cross-site
scripting and SQL injection vulnerabilities in both NIST benchmarks and real-world applications. It
proves to be faster and more efficient than its main competitors, open source and commercial.
The paper [17] investigates the parameters of malicious XSS attacks. We determine whether a
parameter is malicious or not by classifying user input parameters with the SVM algorithm. The
original malicious XSS parameters are then transformed by the DQN algorithm in order to test
WAF-based filtering. Based on this method, we can determine whether a particular
WAF is secure. The above model creates an automated XSS detection tool and a highly targeted
payload generation tool. The paper also examines the automatic generation of XSS attack
code with the RNN LSTM algorithm.
The paper [18] covers the many types of cross-site scripting attacks and how they affect the
security of web applications. It is a genetic-algorithm-based solution that allows web application
developers to detect XSS vulnerabilities in source code by covering a small number of test cases.
It also proposes a hybrid method of removing the vulnerabilities identified during the detection
phase. It was initially dismissed as a low risk to web applications.
Paper [19] shows how attackers can expose and exploit application-level vulnerabilities in a wide
range of online applications automatically. To that end, we created SecuBat, a generic web
scanner that automatically scans websites for SQL injection and XSS vulnerabilities.
We were able to identify a large number of websites that may be at risk using SecuBat. We
selected 100 interesting websites from the list of victims for further investigation and verified the
exploitable vulnerabilities of the affected web pages to ensure SecuBat's accuracy. Common input
validation problems are the source of many web application security errors. SQL injection and
Cross-Site Scripting (XSS) are two examples of such errors.
The main objective of the study [20] was to establish a better hashing method for detecting and
preventing SQLIA and XSS vulnerabilities. The methodology has been used successfully and is fully
capable of resolving the risks of SQLIA and XSS. By creating a suitable compression function where
each input bit influences as many output bits as possible, the SHA512 hashing algorithm is used to
produce a robust, secure cryptographic hash function. The number of test cases generated for use
and testing results in the strongest and most reliable SQLIA and XSS solution.
In this article [21] we look at how XSS vulnerabilities are created and how they are exploited in
depth. We have developed an XSS vulnerability scanning system based on anti-filtering rules after
investigating web server filtering methods. The XSS vulnerability test library has been expanded and
upgraded using this process. As a result, XSS vulnerability coverage has been improved, and web
system security is assured. All user data is treated as untrusted data by web system developers.
They deal with it in various ways to reduce the security risks of the web system. Common approaches
filter and process untrusted data in many internal layers of the web system logic, in addition to
firewalls outside the web system, IDS, IPS, and other methods, and filtering based on thread
processing.

Recent research [22] in the field of web application security focuses on attack prevention and secure
coding methods; the existing approaches not only produce high false-positive rates but also
ignore users, who are often the victims of malicious attacks. Motivated by this problem, this paper
describes a "smart" tool for detecting cross-site scripting flaws in web applications. This paper
describes the method, based on fuzzy logic, used to identify classic XSS weaknesses and to provide
specific results for testing. Our diagnostic framework recorded a 15%
improvement in accuracy and a 0.01% reduction in the false-positive rate, significantly lower than
that found in the existing work.

This paper [23] suggests a way to assess the risk of code injection in web applications. We are
motivated by the observation that conventional risk assessment methods work best when the values
of certain parameters of a risk calculation model are known in advance. In practice, they are
difficult to predict accurately. In addition, a single code injection vulnerability can be exploited
in a variety of ways that may result in different levels of severity. Moreover, different types of
injection vulnerabilities and their effects cannot be integrated into existing methods.
To address these limitations, we propose the Fuzzy Logic-based System (FLS) to assess the risk due
to the different types of code injection vulnerabilities. Our additional contribution is a set of
proposed metrics that can be used to establish linguistic terms to express risk levels and their
impact. We evaluate our approach with three real-world web applications implemented in PHP, and
apply it to SQL Injection (SQLI) and Cross-Site Scripting (XSS), two of the most frequently reported
vulnerabilities in modern web applications.

2.2 Limitation of State of the Art techniques

● It does not recognize patterns relating to machine learning.


● It is hard to set concrete rules for a specific problem.
● The validation of a fuzzy logic system requires thorough testing.
● It uses imprecise data, which may sometimes make it generate inaccurate results.

Chapter 3

Problem Definition and Scope


3.1 Problem statement

To detect XSS vulnerability in a website by using XSS Scanner

3.2 Goals and Objectives

● A cross-site scripting attack injects malicious code to run on web pages that trust their users.
● This code is executed like the code that the server sends to the client and can
access all the information such as cookies, sessions, etc.
Chapter 4

Systems Analysis and Design


4.1 Specific Requirements

The crawling engine scans websites recursively, building an internal representation
of the website in a tree-like structure of path state nodes. These
path nodes can be directories, files, or files with POST or GET parameters.
While reading the content of a web page, the crawling engine
runs several probes on every possible path, seeking to determine whether it is a
file or a directory.
Algorithm

Input: web application
Output: XSS vulnerabilities

// DOM testing module
DOM = parse(web application)

// Collect the elements named in the arguments.
node = [];
for (var i = 0; i < arguments.length; i++) {
    node.push(doc.getElementById(arguments[i]));
}
return node;

// Load the test document and select every element in it.
doc = new HTMLDocument(testDom);
jQuery.setDocument(doc);            // "Running DOM Test"
var all = jQuery("*"), good = true;

// Run the test suite against each DOM node.
for (var i = 0; i < all.length; i++) {
    if (all[i].nodeType) {
        run() {
            basic_tests();
            id_test();
            class_tests();
            name_tests();
            window_location_tests();
            header_tests();
            referer_attributes_tests();
            location_header_tests();
            url_encoded_tests();
            document_location_tests();
            pseudo_form_tests();
        }
    }
}
return vulns_summary();
Application should also have a metaphorical icon that displays the purpose of the app as
a whole. While using the app, a user's click will trigger a panel containing a placeholder
where we have to enter the location in the form of the name of the city of a particular
state and a submit button. Upon clicking the submit button the app will give out the
livability index in the next window.

4.2 System Analysis(Designing)

4.2.1 Use case Diagram

4.2.3 Activity Diagram

4.2.4 Sequence Diagram:

4.2.5 Data Flow Diagram:

Chapter 5

Methodology
5.1 System Architecture
Input to the detection system is obtained by extracting the suspected malicious code
from web pages. Then, we parse the script code in order to break down the embedded URL and
extract the attributes associated with the elements, and then pass them to a
fuzzy inference system so that we can detect potential vulnerabilities.
5.1.1 The fuzzy logic component

This element defines the design strategy for the creation of a fuzzy inference
process. A fuzzy inference system uses fuzzy IF-THEN rules that
can model the qualitative aspects of human knowledge without resorting to precise quantitative
analysis. Because of their concise form, fuzzy IF-THEN rules are often used
to capture the imprecise modes of reasoning that play an important role in a person's ability to
make decisions in an environment of uncertainty and imprecision.
They consist of three sets of input and three sets of output activity using the integration
function of the integration strategy.

5.1.2 Defining Linguistic Variables and Terms

We use the seven ways listed above as input parameters for the inference system and then map
each of them to different linguistic terms (fuzzy variables): Low, Medium, and High.

5.1.3 Assignment of Membership Functions

We define the membership functions of each linguistic variable as follows: the
membership function maps a crisp input value to a degree between 0 and 1. Fuzzy sets may
have a variety of shapes. However, triangular or trapezoidal membership
functions often give an adequate representation. In order to define the membership functions of
all linguistic variables, we use the triangular membership function (tmf) for simplicity and
clarity. The membership functions were obtained by dividing the input range into
equal partitions with a triangular shape, as in Table 3, and 4 regulations each (upper, lower,
and middle).
Chapter 6

Implementation
6.1 System Implementation

A fuzzy rule has 2 parts:

1. The antecedent
2. The precedent

Here we use the first part, where the antecedent terms are grouped together using the logical
AND operator, and we produce a number of rules for extracting the predicate of the target
system.
We created twenty-one rules for our intelligible expression using Wang and Mendel's
method.

6.2 Aggregation of Rules and Defuzzification

The results from all of the crisp inputs are aggregated and clipped to determine the fuzzy
output value. Defuzzification is the process of converting degrees of membership
into crisp, unambiguous values. There are various methods of defuzzification.
A local route center considers the entire area under the membership
function even if this area extends beyond the range of the output variable. Due to its
expanded scope, we follow the local route center in our defuzzification method. Other
options include the center of gravity and maximum or minimum values.
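
The pipeline of sections 5.1.2 to 6.2 end to end, as an added example (not code from this project): triangular Low/Medium/High membership functions on equal partitions, rule antecedents joined with AND (minimum), aggregation by maximum, and defuzzification. Assumptions: the inputs X1..X7 are already scaled to the range 0 to 1, center of gravity is used for defuzzification, and the four rules are constructed for illustration and are not the twenty-one rules of this report.

```javascript
// Added example, not the project's code. Fuzzy inference over the seven
// inputs X1..X7 with a constructed rule base.
const INPUT_IDS = ["X1", "X2", "X3", "X4", "X5", "X6", "X7"];

// Equal-width triangular partitions of [0, 1]: [left foot, peak, right foot].
const TERMS = {
  Low: [-0.5, 0.0, 0.5],
  Medium: [0.0, 0.5, 1.0],
  High: [0.5, 1.0, 1.5],
};

// Triangular membership function (tmf).
function tri(x, [a, b, c]) {
  if (x <= a || x >= c) return 0;
  return x <= b ? (x - a) / (b - a) : (c - x) / (c - b);
}

// Degree of membership of one crisp input in each linguistic term.
function fuzzify(x) {
  const v = Math.min(1, Math.max(0, x));
  return Object.fromEntries(
    Object.entries(TERMS).map(([term, abc]) => [term, tri(v, abc)]));
}

// Constructed rules: "when" is the antecedent (all parts ANDed), "risk" is
// the output term the rule supports.
const RULES = [
  { when: { X5: "High" }, risk: "High" },
  { when: { X1: "High", X3: "High" }, risk: "High" },
  { when: { X2: "Medium", X4: "Medium" }, risk: "Medium" },
  { when: Object.fromEntries(INPUT_IDS.map((id) => [id, "Low"])), risk: "Low" },
];

// AND = minimum over the antecedent; rules for the same term combine by maximum.
function fireRules(inputs) {
  const degree = Object.fromEntries(
    INPUT_IDS.map((id) => [id, fuzzify(inputs[id] ?? 0)]));
  const strength = { Low: 0, Medium: 0, High: 0 };
  for (const { when, risk } of RULES) {
    const fired = Math.min(
      ...Object.entries(when).map(([id, term]) => degree[id][term]));
    strength[risk] = Math.max(strength[risk], fired);
  }
  return strength;
}

// Clip each output term at its rule strength, take the maximum, and return
// the center of gravity of the resulting shape sampled on [0, 1].
function defuzzify(strength, steps = 200) {
  let num = 0;
  let den = 0;
  for (let i = 0; i <= steps; i++) {
    const y = i / steps;
    const mu = Math.max(
      ...Object.keys(TERMS).map((t) => Math.min(strength[t], tri(y, TERMS[t]))));
    num += y * mu;
    den += mu;
  }
  // No rule fired: the rule base does not cover this input. Report that as
  // undetermined instead of returning a low score.
  return den === 0 ? null : num / den;
}

function assessRisk(inputs) {
  const strength = fireRules(inputs);
  return { strength, score: defuzzify(strength) };
}

console.log(assessRisk({}));                     // nothing observed
console.log(assessRisk({ X5: 1 }));              // heavy use of X5
console.log(assessRisk({ X2: 0.5, X4: 0.25 }));  // partial match of one rule
console.log(assessRisk({ X6: 1 }));              // input no rule covers
```

The last call returns a `null` score: with an incomplete rule base some inputs fire no rule at all, and a scanner should report those as undetermined.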

6.3 Programming Implementation

The development was carried out in the Eclipse IDE using the Java programming
language. The jQuery web interaction interface was incorporated into the Eclipse IDE as a
library for easy use. The Java programming language was used to develop the
fuzzy inference system, which was integrated with the Eclipse IDE for optimized overall
performance. The entire Vega software was built in Java, with the crawling component
written in JavaScript. The XSS detection module was written in the jQuery scripting
language. A screenshot of the scanner development is shown in Figure 5.
Chapter 7

Performance Analysis
In the course of implementation, the following performance metrics were studied:
(i) Capability to detect vulnerabilities
(ii) Accuracy
(iii) False-positive rate.

Comparison with the work by Koli et al. [29] was done using the measures (i), (ii), and (iii)
based on the number of webpages to be used for evaluation.

6.1. Accuracy
This is a measure of the degree to which the results of the test scanning conducted on the
developed framework conform to the correct values or the standard data set. Accuracy is
calculated using the following formula:
A(M) = (TNC + TPC) / (TNC + FPC + FNC + TPC)
where TNC = the number of true-negative cases, FPC = the number of false-positive cases,
FNC = the number of false-negative cases, and TPC = the number of true-positive cases. For our
livability-based project, we have done the evaluation on the basis of Nielsen's 10 heuristic
principles for any interface.
Chapter 8

Conclusion & Future Work


The XSS scanner performed much better than other web vulnerability scanners in accuracy and
false-positive rate, according to the results of all comparisons. In terms of the number of
weaknesses detected, it is as successful as the other frameworks. The adoption of a fuzzy inference
system may be responsible for the improved performance indicators.

Future work on this project will include the definition of more DOM-based features that could lead
to detection of other code and server-side injection vulnerabilities like SQL and cross-site request
forgery attacks. Also, the method could be implemented using other soft computing approaches like
genetic algorithms and neural networks.
Bibliography
1. Swati Maurya et al.: Cross Site Scripting Vulnerabilities and Defences. Int. J. Computer Technology & Applications, Vol 6 (3), 478-482.
2. Nischitha G. K., Sahana S., Santhosh Kumar B. J.: Detection and Avoidance of Web Vulnerability using XSS.
3. Enrico Bazzoli, Claudio Criscione, Federico Maggi, and Stefano Zanero, DEIB – Politecnico di Milano, Italy.
4. Shafi Alassmi, Pavol Zavarsky, Dale Lindskog, Ron Ruhl: An Analysis of the Effectiveness of Black-Box Web Application Scanners in Detection of Stored XSSI Vulnerabilities.
5. K. Joylin Bala, E. Babu Raj, A. M. Anusha Bamini: XSS Attack Prevention over Code Injection Vulnerabilities in Web Applications.
6. E. Galán, A. Alcaide, A. Orfila, J. Blasco, University Carlos III of Madrid, UC3M Leganes, Spain.
7. Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil, Novia Admodisastor: An Approach for Cross-Site Scripting Detection and Removal Based on Genetic Algorithms.
8. Ain Zubaidah Mohd Saleha, Nur Amizah Rozalia, Alya Geogiana Buja: A Method for Web Application Vulnerabilities Detection by Using Boyer-Moore String Matching Algorithm.
9. Jalen Mack, Yen-Hung (Frank) Hu, Mary Ann Hoppa: A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox.
10. PMD Nagarjun, Shaik Shakeel Ahamad: Cross-site Scripting Research: A Review.
11. Monika Rohilla, Rakesh Kumar, Girdhar Gopal: XSS Attack: Detection and Prevention Techniques.
12. Ms. Daljit Kaur, Dr. Parminder Kaur: Cross-Site-Scripting Attacks and Their Prevention during Development.
13. Lijiu Zhang, Qing Gu, Shushen Peng, Xiang Chen, Haigang Zhao: D-WAV: A Web Application Vulnerabilities Detection Tool Using Characteristics of Web Forms.
14. Miao Liu, Boyu Zhang, Wenbin Chen and Xuniai Zhang: A survey of exploitation and detection methods of XSS vulnerabilities.
15. Jan-Min Chen, Chia-Lun Wu: An Automated Vulnerability Scanner for Injection Attack Based on Injection Point.
16. Giovanni Agosta, Alessandro Barenghi, Antonio Parata, Gerardo Pelosi: Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution.
17. Lin Li, Linfeng Wei (School of Intelligent Systems Science and Engineering, Jinan University, Zhuhai, China; School of Cyber Security, Jinan University, Guangzhou, China): Automatic XSS Detection and Automatic Anti-anti-virus Payload Generation.
18. Jyotiraditya Tripathi, Bhawana Gautam, Dr. Satwinder Singh: Detection and Removal of XSS Vulnerabilities with the Help of Genetic Algorithm.
19. Stefan Kals, Engin Kirda, Christopher Kruegel, and Nenad Jovanovic: SecuBat: A Web Vulnerability Scanner.
20. Shegaw Demessie Bogale, Hailemichael Kefie Tamiru: Detection and Prevention of web application from SQLI and XSS Attack.
21. Bo-wen Liu, Jun Wang, Jian-yi Liu, Ru Zhang, Wen-xin Sun and Yuan-gang Yao: XSS Vulnerability Scanning Algorithm Based on Anti-filtering Rules.
22. Bakare K. Ayeni, Junaidu B. Sahalu, and Kolawole R. Adeyanju: Detecting Cross-Site Scripting in Web Applications Using Fuzzy Inference System.
23. Hossain Shahriar and Hisham Haddad: Risk Assessment of Code Injection Vulnerabilities Using Fuzzy Logic-Based System.