Please use this identifier to cite or link to this item:
http://dspace.dtu.ac.in:8080/jspui/handle/repository/22997Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | GOYAL, BHARGAVI | - |
| dc.contributor.author | Kumar, Manoj (SUPERVISOR) | - |
| dc.date.accessioned | 2026-07-06T09:14:48Z | - |
| dc.date.available | 2026-07-06T09:14:48Z | - |
| dc.date.issued | 2026-06 | - |
| dc.identifier.uri | http://dspace.dtu.ac.in:8080/jspui/handle/repository/22997 | - |
| dc.description.abstract | Cross-Site Scripting (XSS) is a dangerous problem in web applications in which at tackers inject malicious scripts and bypass security controls. In the worst scenario, the attacker steals the session and login token and illegally takes access to the victim’s ac count. In this study, XSS attacks are described in detail, and the attack is divided into four major stages: persistence, execution, egress, and replay. Previous studies mainly focus on detecting XSS attacks and classifying them, whereas this study explains the whole process of how an attack progresses from vulnerability to session hijack. By implementing the demo prototype for a web application, this study demonstrates that a stored XSS attack leads to session-cookie exposure and session hijacking in a controlled research setting. The study also examines the effectiveness of preventing HttpOnly, SameSite and CSP-like security prevention attacks at each stage. The find ings demonstrate that cookie-based protection protects tokens or cookies from theft, and browser-based protection provides higher security by preventing scripts from exe cuting. However, the effectiveness of these protections depends on real-world factors such as proper configuration, deployment, and the complexity of the application. According to the study for strong security, a “defence in depth” strategy should be used, which means that at different stages, multiple security layers should be used to prevent an attack. Using a combination of demonstration and evaluation, the research presents a systematic overview of the XSS attack and the ways to strengthen the security of Web applications in the highly complex situation. | en_US |
| dc.language.iso | en | en_US |
| dc.relation.ispartofseries | TD-8898; | - |
| dc.subject | CROSS-SITE SCRIPT ING (XSS) | en_US |
| dc.subject | COOKIE AND BROWSER | en_US |
| dc.subject | MODERN WEB APPLICATIONS | en_US |
| dc.subject | DEFENCE MECHANISMS | en_US |
| dc.title | DECONSTRUCTING CROSS-SITE SCRIPT ING (XSS) EXPLOITATION: A STAGE-WISE EVALUATION OF COOKIE AND BROWSER-BASED DEFENCE MECHANISMS IN MODERN WEB APPLICATIONS | en_US |
| dc.type | Thesis | en_US |
| Appears in Collections: | M.E./M.Tech. Computer Engineering | |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| Bhargavi Goyal M.tech.pdf | 3.16 MB | Adobe PDF | View/Open | |
| Bhargavi Goyal plag.pdf | 5.77 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.



