A Modular and Scalable Framework for Effective Server-Side Forensic Analysis of XSS Attacks

Pizzolante, Raffaele; Castiglione, Arcangelo; Mastroianni, Michele; Palmieri, Francesco
2025

Abstract

Cross-site scripting (XSS) attacks represent a critical vulnerability in web applications. Through XSS, attackers can inject malicious scripts into trusted websites, enabling them to steal data, hijack sessions, and compromise user accounts. In this paper, we propose a novel forensic analysis framework, referred to as the XSS Server-Side Forensic Framework (X4SFF), specifically designed to assist investigators in efficiently analyzing web server logs, which are essential forensic resources for detecting potential traces of XSS attacks. The framework is modular and extensible, allowing for the integration of various custom plugins for specific analyses. It operates through REST APIs, ensuring a decoupled architecture that supports interoperability with different applications and environments. This flexibility enables security professionals to customize and adapt the framework to meet the unique needs of their investigations, improving the overall effectiveness of forensic analysis.
ISBN: 9783031877711
ISBN: 9783031877728
Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4919661