Exploring Guidance for Prevent Against XSS Attacks in Open CMSs

الملخص EN

Personal information, as well as web pages security are important for everyone because attackers used to steel our sensitive information or damaged that websites.

Cross Site Scripting XSS is one type of the methods that is used by attackers.

Since web browser supports the execution of scripting commands embedded in the retrieved content, attacker can exploit this feature maliciously to violate the client security.

Content Management Systems CMSs give web developer an easy way to have personal websites, for those people without security prior experience, and who would be under great hunting of attackers.

They believe that Content Management System just a plug-in, but it is really a website.

In this paper, we concentrate on crossing site scripting attacks problem, as one of the most common attacks in the recent World Wide Web.

In this research, experiments are limited to Joomla and WordPress websites.

At the end, we extracted some security guidance and rules in general for all Content Management Systems designers.

Some of these rules are beneficial; especially for Joomla and WordPress developers.

In this work, we trained a group of amateurs to develop their websites using Joomla and WordPress through our extracted security guidance.

We believe that this work was not done before.