个人数据过滤:比较网络应用程序中 XSS 攻击与 Cookie 窃取有效性的系统性文献综述

IF 1.8 4区 计算机科学 Q3 TELECOMMUNICATIONS Annals of Telecommunications Pub Date : 2024-04-18 DOI:10.1007/s12243-024-01022-8
Germán Rodríguez-Galán, Jenny Torres
{"title":"个人数据过滤:比较网络应用程序中 XSS 攻击与 Cookie 窃取有效性的系统性文献综述","authors":"Germán Rodríguez-Galán, Jenny Torres","doi":"10.1007/s12243-024-01022-8","DOIUrl":null,"url":null,"abstract":"<p>Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.</p>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"38 1","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2024-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing\",\"authors\":\"Germán Rodríguez-Galán, Jenny Torres\",\"doi\":\"10.1007/s12243-024-01022-8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.</p>\",\"PeriodicalId\":50761,\"journal\":{\"name\":\"Annals of Telecommunications\",\"volume\":\"38 1\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2024-04-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Annals of Telecommunications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s12243-024-01022-8\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12243-024-01022-8","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

摘要

跨站脚本(XSS)攻击通过窃取 cookie 来泄露个人信息,对网络应用程序的安全性构成重大威胁。本研究调查了针对网站的XSS攻击与旨在窃取cookie以泄露个人信息的XSS攻击之间的关系。本研究进行了系统的文献综述,分析了 2018 年至 2023 年的 96 篇科学文章。针对检测漏洞或缓解XSS攻击的方法和工具、窃取cookie的技术以及通过窃取cookie泄露个人信息的趋势,提出了三个互补的研究问题。Rayyan Intelligent Systematic Literature、Atlas.ti 和 Research Rabbit 工具利用 IEEE Digital Xplore、ACM Digital Library、Springer Link、Web of Science 和 Mendeley 等资源为我们的分析提供了支持。使用 Research Rabbit 工具采用了滚雪球技术,以查找相关文章,避免参数和出版物不一致,并降低偏差风险。对网站的 XSS 攻击与通过 XSS 攻击窃取 cookie 的比例为 5:1。因此,必须坚持不懈地研究和引入新方法或工具来解决这一问题,并提供更好的保护,防止通过 XSS 攻击劫持 cookie。研究缺口在于了解通过 XSS 攻击窃取 cookie 是如何过滤我们的个人信息的。需要开展更多研究来填补这一空白,并开发新型技术或工具,让最终用户了解他们的个人信息是如何通过 XSS 攻击窃取 cookie 而泄露的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing

Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Annals of Telecommunications
Annals of Telecommunications 工程技术-电信学
CiteScore
5.20
自引率
5.30%
发文量
37
审稿时长
4.5 months
期刊介绍: Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.
期刊最新文献
Editorial of 6GNet 2023 special issue On the (in)efficiency of fuzzing network protocols Investigation of LDPC codes with interleaving for 5G wireless networks Opportunistic data gathering in IoT networks using an energy-efficient data aggregation mechanism Joint MEC selection and wireless resource allocation in 5G RAN
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1