Design a Web Security Testing Mechanism by Using Semantic Comparison Method to Prevent Cross Site Scripting Attacks

Shantanu Mukherjee, Sandip Roy, Pinaki Pratim Acharjya

Abstract

Every coin has two faces, and the same is true of web applications. With the growing demand for online services, web applications have become pervasive, and with this exponential growth the exploitation of web application vulnerabilities has increased as well. JavaScript, the backbone of dynamic client-side behavior, is often exploited with malicious intent. Malicious script code is injected into the application and executed on the end user's computer, revealing confidential parameters and compromising the security of the application. Cross-Site Scripting (XSS) ranks high among the most dangerous and most frequently used attacker tactics. Several defensive mechanisms are employed to prevent XSS attacks and reinforce applications against them; however, attackers are also quite innovative and keep coming up with newer attack mechanisms. In this paper we try to apply static analysis to identify XSS exploits. Although static application security testing comprehensively covers the entire code and is quite reliable in identifying vulnerabilities, this good record is marred by a high number of false positives. We therefore try to combine static analysis with other algorithms to improve cross-site scripting detection results.
