CRYPTOGRAPHY

ASSIGNMENT-CRYPTOGRAPHY

1. Name of the threat

Cross-Site Scripting (XXS) attack on Microsoft outlooks of android

2. System attacks by Cross-Site Scripting

The Cross-Site Scripting aims to attacks the malicious scripts of the web browser, the possible attacks can be seen in Cascading Style Sheets, Active X, Flash, Drupal, Joomla Humhub and VBScript. According to the views of Gupta & Gupta (2016), the Cross-Site Scripting attacks are most common to the JavaScript because it is the most fundamental.

The following tables have been used to represent the ranks of the attacks by the threat Cross-Site Scripting. The ranks are analysis on the basis on time analysis on the different operating system (web app).

Web applicationAttack ranks of the threat (XSS)
Drupal3rd
Joomla2nd
Humhub1st
Active X4th

Table 1: Ranked List of XSS attack

(Source: Rodríguez et al (2019)

3. How Cross-Site Scripting perform attacks

Cross-Site Scripting attacks the web browser by adding malicious code in the legitimate web application or web page. The XSS attacks the users of android Microsoft Outlook when they try to enter in the web pages through HTML. It mostly attacks when the internet users try to send malicious code in the form of the browser script. From the views of Rodríguez et al (2019) after the attacks, the Cross-Site Scripting generates the output without validating or encoding the web page.

CRYPTOGRAPHY

Figure 1: Process of XSS attacks

(Sources: Rodríguez et al (2019)

The below table shows the performances of the Cross-Site Scripting attack based on time calculations. The analysis is done on the basis of time in milliseconds in computer and mobile phone cloud platforms.

 

Web Application

Response time (in ms)

Without mobile cloud platform

Response time (in ms)

With mobile- based cloud platform (MS outlook)

Drupal20962018
Joomla23122216
Elgg27892676
Humhub31262986

 

Table 2: Performance analysis of XXS using Time calculation

(Source: Rodríguez et al (2019)

4. Mitigation Strategies of Cross-Site Scripting attack

Technical Mitigation

● Validating Input: Validating input is a strategies method of ensuring applications of web pages by rendering the correct data in order to avoid the interference of the malicious data in the system. The validating input in the Microsoft outlook is generally associated with the SQL injection.

  • Escaping: The escaping of the user inputs is one of the easiest ways of mitigating the attack of Cross-Site Scripting. The time when the internet user removes or closes the inputs it prevents the ways of attacking to HTML, URL or Javascript by the threat Cross-Site Scripting (XSS).
  • Sanitizing: The sanitizing of the system data which are used in browsing the internet or applications in the Microsoft outlook can mitigate the attack of the Cross-site scripting (XSS). Sanitizing strategy is perfect for prevention of Cross-Site Scripting attacks in the HTML of the Microsoft Outlooks.

Policy Mitigation

The following are the policy introduced in order to mitigate the cyber attacks

  • Cyber Security Enhancement Act (CSEA) 2002 of the United States
  • National Cyber Security Policy 2013 (United States)

Training Mitigation

There are a number of organizations and institutions who give the training to mitigate the cybercrime and XXS attacks;

  • Cyber Security Training for Business
  • International Training Course

5. Scope of Cross-Site Scripting attack

The cybercriminals can exploit the vulnerability scope of the Cross-Site Scripting attack; through the XXS attacks, the cybercriminals can steal the data and information from various users of different regions. According to Gupta & Gupta (2017) the Cross-site scripting attacks by cybercriminals through the process of injecting malicious in the web page and applications of Microsoft outlook and steal the data of HTML, URL and JavaScript.

The following table shows an example of the code used by the cybercriminals during performing Cross-Site Scripting.

Attack typeCode snippet of guestbookExample attack
StoredComment: <? echo $msg;?><script>alert(‘xss’);</script>
Reflected<? Echo $_GET(‘fname’);?> Not found.www.guesstbook.com? Fname=<script>alert(‘xss’);</script>
DOM-basedvar name = document.URL.indexOF (“name=”)+5; document.write (“Hello” + name);www.guestbook.com# name=<script>alert(‘xss’);</script>

Table 3: Table of XXS attack and example code

(Source: Gupta & Gupta (2017)

6. Conclusion

From the analysis of the Mitigations strategy of the Cross-site scripting, here I can conclude that the mitigations are necessary to protect the Microsoft Outlook from XXS attacks. The technical mitigations strategy includes three methods, Escaping, Validating Input and Sanitizing of the web page. I think the technical strategies can mitigate the cyberattack for a limited period of time and into a limited extends. In order to mitigate the cyber attack by Cross-site scripting policies and training strategy is needed. The training strategy can help in producing a trained professional to find the cybercriminal and prevent cybercrime. The policies mitigations of cybercrimes provide guidelines and laws to decrease the ratio of cybercrime.

Reference List

Gupta, S., & Gupta, B. B. (2016). XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code. Arabian Journal for Science and Engineering41(3), 897-920. Retrieved from: https://link.springer.com/article/10.1007/s13369-015-1891-7 [Retrieved on: 1st December, 2019]

Gupta, S., & Gupta, B. B. (2017). Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. International Journal of System Assurance Engineering and Management8(1), 512-530. Retrieved from: https://link.springer.com/article/10.1007/s13198-015-0376-0 [Retrieved on: 30th November 2019]

Rodríguez, G. E., Torres, J. G., Flores, P., & Benavides, D. E. (2019). Cross-Site Scripting (XSS) Attacks And Mitigation: A Survey. Computer Networks, 106960. Retrieved from: https://www.sciencedirect.com/science/article/pii/S1389128619311247 [Retrieved on: 2nd December, 2019]

Best Assignment Writing Services 

When it comes to providing best assignment service online, Unique Submission makes sure to complete assignment antecedently to offer scholars enough time to proof read the given assignment before submitting it to their tutors/professors. We never compromise to timely delivery and deadlines given by our customers.

Our company is entirely customer oriented and we work as per the convenience of customer. Our customer care executives work 24*7 services to ensure that every customer receives timely help. We have a team of subject assignment experts who ensures that the students are provided essay writing help with originality and following the academic guidelines. Plagiarism free assignments are a distinct feature we offer in our by following various steps with the help of reliable plagiarism software. Unlike other assignment help sites, Unique Submission provides their service in reasonable price. We offer best writing help in the most safe, secure and pocket friendly manner.

Contact us now to get the best academic assignment help online

 

Leave a Comment