Title :
A solution to block Cross Site Scripting Vulnerabilities based on Service Oriented Architecture
Author :
Shanmugam, Jayamsakthi ; Ponnavaikko, M.
Author_Institution :
BITS, Pilani Univ., Pilani, India
Abstract :
Research data shows that about 80% of web applications are vulnerable to cross site scripting attacks. This is because users are allowed to enter tags in input controls to increase flexibility in handling web application input. This increases the threat to the web application by allowing hackers to plant worms in web applications through features like tags. Further, there are billions of web pages developed in different languages such as PHP, ASP, JSP, HTML, CGI-PERL, .Net, etc. No single solution is available that can be applied to prevent XSS in web applications that are developed in different languages and deployed on different platforms. This paper presents a new solution to block cross site scripting (XSS) attacks that is independent of the languages in which the web applications are developed and addresses XSS vulnerabilities that arise from other interfaces. The solution is modularized, configured, and developed in .Net, XML and XSD. The approach is evaluated in a web application developed in JSP/Servlets and deployed in the JBOSS application server, and is found effective, as it provides the flexibility to be used across languages with very minimal configuration to prevent XSS.
Keywords :
Web services; security of data; software architecture; .Net; JBOSS application server; Web pages; XML; block cross site scripting vulnerability; service oriented architecture; Application software; Application specific processors; Computer hacking; Data security; HTML; Information security; Service oriented architecture; Web pages; Web server; XML; Application-level web Security; cross-site; scripting; security vulnerabilities;
Conference_Title :
Computer and Information Science, 2007. ICIS 2007. 6th IEEE/ACIS International Conference on
Conference_Location :
Melbourne, Qld.
Print_ISBN :
0-7695-2841-4
DOI :
10.1109/ICIS.2007.45