Prevention of XSS attack using Cryptography & API integration with Web Security

The vulnerability of web-based applications has increased manifold primarily due to the ever-increasing time spent on the web. Cross site scripting (XSS) attack are one of the most prominent attacks that are executed when the attacker get success over API key authentication and successfully execute their malicious script code at server end. Of the two types of XSS that are popular in the hacking world i.e. server side XSS and client side XSS, server-side attacks are more frequent and vulnerable. Various methodologies have been developed in the recent past to handle XSS attacks API authentication based techniques, handling access at server end etc. However, these methodologies suffer from one or more limitation of handling the attack from one perspective. In this paper, we demonstrate a multi-layer prevention technique wherein we defend the attacker hit at API key authentication level using an encrypted that prevents the attacker easy access to API directly. In the next layer we convert the script code execution request into plain text which is coming from any untrusted party, so that plain text will not execute over browser. Thus, our proposed framework provides an effective solution to protect our environment from XSS attacks.