Advantages

Disadvantages

The researchers [61] have proposed a method for detecting DOM-based XSS attacks that employ dynamic taint tracking and context-sensitive sanitization.

This method is ineffective against stored XSS attacks.

The authors proposed that this [62] method is intended to minimize XSS attacks when used with Adobe Flash. This method also uses static analysis to detect suspicious input fields and dynamic analysis to test the suspect areas.

If the testing payload is executed, it leaves the system open to XSS attacks. When it comes to detecting XSS vulnerability sources, static analysis is only effective in a limited number of cases. Furthermore, it is only effective against malicious JavaScript code.

The researchers [63] proposed Machine-learning classifiers in the process. The set of data is then used in training classifiers to recognize XSS attacks once it has been extracted, examined, and prepared by taking the value of the URL parameter and the value of the JavaScript.

There is no automatic updating of a prepared dataset. As a result, a new attacking payload may be bypassed.

The researchers [64] proposed a method that operates by imitating the browser’s behavior. It interacts with the website in issue and detects any potentially risky places before injecting a payload for testing the system’s level of security. If the code executes, It is vulnerable to XSS attacks.

This approach cannot identify DOM-based XSS attacks.

The researchers [65] proposed a technique that operates as an intermediary between the client and the server who acts as an interceptor during the processing of a web page to detect the injection of malicious code. This method differentiates between static and dynamic websites. Vulnerabilities can be identified by injecting an attack payload into dynamic web pages. XSS attacks are possible in the event that the content is shown on the page.

This method is unable to identify DOM-based XSS attacks.