Abstract:
Today web site hacks are on the rise and pose a greater threat than the broad-based network attacks as they threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web. Organizations collect vast amounts of data every day, including firewall logs, system logs, and intrusion detection alerts. Analyzing web traffic out of log files has advantages over analyzing traffic from the network. Web server log files contain only a fraction of the full HTTP request and response. A network Intrusion Detection System (NIDS) is placed in the network infrastructure where it can see the traffic to and from the web application. Cross-Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. In this paper describes the detection of attacks on web application by analyzing user-agent field XSS log files from web servers (like Apache and IIS).
