{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T12:52:23Z","timestamp":1774356743849,"version":"3.50.1"},"reference-count":70,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2021,5,25]],"date-time":"2021-05-25T00:00:00Z","timestamp":1621900800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010783","name":"Slovensk\u00e1 Akad\u00e9mia Vied","doi-asserted-by":"publisher","award":["N\/A"],"award-info":[{"award-number":["N\/A"]}],"id":[{"id":"10.13039\/100010783","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web browser of the client by including code in a legitimate web page. A serious matter is when a website accepts the \u201cuser-input\u201d option. Attackers can exploit the web application (if vulnerable), and then steal sensitive data (session cookies, passwords, credit cards, etc.) from the server and\/or from the client. However, the difficulty of the exploitation varies from website to website. Our focus is on the usage of ontology in cybersecurity against XSS attacks, on the importance of the ontology, and its core meaning for cybersecurity. We explain how a vulnerable website can be exploited, and how different JavaScript payloads can be used to detect vulnerabilities. We also enumerate some tools to use for an efficient analysis. We present detailed reasoning on what can be done to improve the security of a website in order to resist attacks, and we provide supportive examples. Then, we apply an ontology model against XSS attacks to strengthen the protection of a web application. However, we note that the existence of ontology does not improve the security itself, but it has to be properly used and should require a maximum of security layers to be taken into account.<\/jats:p>","DOI":"10.3390\/jcp1020018","type":"journal-article","created":{"date-parts":[[2021,5,25]],"date-time":"2021-05-25T13:14:21Z","timestamp":1621948461000},"page":"319-339","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Ontology for Cross-Site-Scripting (XSS) Attack in Cybersecurity"],"prefix":"10.3390","volume":"1","author":[{"given":"Jean Rosemond","family":"Dora","sequence":"first","affiliation":[{"name":"Institute of Mathematics, Slovak Academy of Sciences (MUSAV), \u0160tefanikov\u00e1 49, 811 04 Bratislava, Slovakia"}]},{"given":"Karol","family":"Nemoga","sequence":"additional","affiliation":[{"name":"Institute of Mathematics, Slovak Academy of Sciences (MUSAV), \u0160tefanikov\u00e1 49, 811 04 Bratislava, Slovakia"}]}],"member":"1968","published-online":{"date-parts":[[2021,5,25]]},"reference":[{"key":"ref_1","unstructured":"(2021, May 24). Available online: https:\/\/www.webarxsecurity.com\/website-hacking-statistics-2018-Feb."},{"key":"ref_2","unstructured":"(2021, May 24). 73 Important Cybercrime Statistics: 2020\/2021 Data Analysis & Projections. Available online: https:\/\/financesonline.com\/cybercrime-statistics\/."},{"key":"ref_3","unstructured":"Fatma, A. (2020). Statistics of Cybercrime from 2016 to the First Half of 2020. Int. J. Comput. Sci. Netw., 9, Available online: https:\/\/www.researchgate.net\/profile\/Fatma-Mabrouk-3\/."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Joachim, B.U., and Gaute, W. (2021, May 24). A Systematic Review of Cybersecurity Risks in Higher Education. Available online: https:\/\/www.mdpi.com\/1999-5903\/13\/2\/39.","DOI":"10.3390\/fi13020039"},{"key":"ref_5","unstructured":"(2021, May 24). Foundation of Semantic Rule Engine to Protect Web Application Attacks, Department of Computer Science, Tokyo Institute of Technology. Available online: https:\/\/ieeexplore.ieee.org\/document\/5741285."},{"key":"ref_6","unstructured":"(2021, May 24). Available online: https:\/\/www.geeksforgeeks.org\/intrusion-detection-system-ids\/."},{"key":"ref_7","unstructured":"Mohamad, G., and John, M. (2021, May 24). Core Ontology for Privacy Requirements Engineering. Available online: https:\/\/arxiv.org\/pdf\/1811.12621.pdf."},{"key":"ref_8","unstructured":"Takeshi, T., and Youki, K. (2021, May 24). Reference Ontology for Cybersecurity Operational Information. Available online: https:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?tp=&arnumber=8205615."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"512","DOI":"10.1007\/s13198-015-0376-0","article-title":"Cross-Site Scripting (XSS) Attacks and Defense Mechanisms: Classification and State-of-the-Art","volume":"8","author":"Shashank","year":"2017","journal-title":"Int. J. Syst. Assur. Eng. Manag."},{"key":"ref_10","unstructured":"(2021, May 24). Available online: https:\/\/www.netsparker.com\/blog\/web-security\/cross-site-scripting-xss\/."},{"key":"ref_11","unstructured":"(2021, May 24). Available online: https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1084804518302042."},{"key":"ref_12","unstructured":"(2021, May 24). Available online: https:\/\/noscript.net\/."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Abdalla, W., and Zarul, F. Web Application Security: An Investigation on Static Analysis with other Algorithms to Detect Cross Site Scripting. ScienceDirect 2019, 1173\u20131181. Available online: https:\/\/pdf.sciencedirectassets.com\/302082.","DOI":"10.1016\/j.procs.2019.11.230"},{"key":"ref_14","unstructured":"(2021, May 24). Available online: https:\/\/www.mdpi.com\/2076-3417\/10\/14\/4740\/htm."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Nguyen, T.T., Maleehuan, P., Aoki, T., Tomita, T., and Yamada, I. (2019, January 25\u201331). Reducing false positives of static analysis for sei cert C coding standard. Proceedings of the Joint 7th International Workshop on Conducting Empirical Studies in Industry and 6th International Workshop on Software Engineering Research and Industrial Practice, IEEE Computer Society, Montreal, QC, Canada.","DOI":"10.1109\/CESSER-IP.2019.00015"},{"key":"ref_16","first-page":"1555","article-title":"Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities","volume":"64","year":"2020","journal-title":"Comput. Mater. Contin. CMC"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Shashank, G., and Gupta, B.B. (2021, May 24). XSS-Secure as a Service for the Platforms of Online Social Network-Based Multimedia Web Applications in Cloud. Available online: https:\/\/doi.org\/10.1007\/s11042-016-3735-1.","DOI":"10.1007\/s11042-016-3735-1"},{"key":"ref_18","unstructured":"(2021, May 24). Available online: https:\/\/github.com\/payloadbox\/xss-payload-list."},{"key":"ref_19","unstructured":"(2021, May 24). Available online: https:\/\/www.udemy.com\/course\/advancedEthicalHacking\/XSS-Enum&Explhttps:\/\/jrdacademy.thinkific.com\/."},{"key":"ref_20","unstructured":"(2021, May 24). Available online: https:\/\/www.w3schools.com\/jsref\/jsref_fromcharcode.asp."},{"key":"ref_21","unstructured":"(2021, May 24). Available online: https:\/\/angular.io\/guide\/upgrade."},{"key":"ref_22","unstructured":"Ksenia, P. (2021, May 24). Impact of Frameworks on Security of JavaScript Applications. Faculty of the School of Engineering and Applied Science of the George Washington University. Available online: https:\/\/media.proquest.com\/media\/hms\/PFT\/2\/."},{"key":"ref_23","unstructured":"(2021, May 24). Available online: https:\/\/www.udemy.com\/course\/advancedEthicalHacking\/PwnLab-VM-enumerationANDexploitation."},{"key":"ref_24","unstructured":"Alba, G., Rafael, M., and Mariano, R. (2021, May 24). Integrative Base Ontology for the Research Analysis of Alzheimer\u2019s Disease-Related Mild Cognitive Impairment. Available online: https:\/\/www.frontiersin.org\/articles\/10.3389\/fninf.2021.561691\/full."},{"key":"ref_25","unstructured":"Sina, K., Ivanka, I., and David, S. (2021, May 24). An ontology-based approach to data exchanges for robot navigation on construction sites. Available online: https:\/\/arxiv.org\/abs\/2104.10239https:\/\/arxiv.org\/ftp\/arxiv\/papers\/2104\/2104.10239.pdf."},{"key":"ref_26","unstructured":"Muthana, Z., and Alex, F. (2021, January 27\u201330). An Ontology-Based Approach for Curriculum Mapping in Higher Education. Proceedings of the 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA. Available online: https:\/\/ieeexplore.ieee.org\/abstract\/document\/9376163\/metrics#metrics."},{"key":"ref_27","unstructured":"Luca, S., Caryn, B., and Lethabo, M. (2021, May 24). A Formal Concept Analysis Driven Ontology forICS Cyberthreats. Available online: https:\/\/sacair.org.za\/wp-content\/uploads\/2021\/01\/SACAIR_Proceedings-MainBook_vFin_sm.pdf#page=262."},{"key":"ref_28","unstructured":"Esther, A., and Ricardo, S. (2021, May 24). Using Ontologies in Autonomous Robots Engineering. Available online: https:\/\/www.intechopen.com\/online-first\/using-ontologies-in-autonomous-robots-engineering."},{"key":"ref_29","unstructured":"(2021, May 24). Available online: https:\/\/www.researchgate.net\/profile\/by Mark Alan Musen."},{"key":"ref_30","unstructured":"Abdul, S., Mohammad, N.A., Ely, S.M.S., and Ahmad, K.M. (2021, May 24). An Improved Methodology for CollaborativeConstruction of Reusable, Localized, and Shareable Ontology. Available online: https:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?tp=&arnumber=9335604."},{"key":"ref_31","unstructured":"(2021, May 24). Available online: https:\/\/www.sciencedirect.com\/science\/article\/pii\/by Elena."},{"key":"ref_32","unstructured":"(2021, May 24). Available online: https:\/\/www.isi.edu\/gil\/papers\/gil-melz-aaai96.pdf."},{"key":"ref_33","unstructured":"Patrick, Z., and Klaus, R.D. (2021, May 24). Data Integration\u2014Problems, Approaches, and Perspectives. Available online: https:\/\/link.springer.com\/chapter\/10.1007%2F978-3-540-72677-7_3."},{"key":"ref_34","unstructured":"Benomrane, S., Sellami, Z., and Ayed, M.B. (2021, May 24). An Ontologist Feedback Driven Ontology Evolution with an Adaptive Multi-Agent System. Available online: https:\/\/daneshyari.com\/article\/preview\/241899.pdf."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"39","DOI":"10.22456\/2175-2745.75048","article-title":"Combining Artificial Intelligence, Ontology, andFrequency-Based Approaches to Recommend Activities inScientific Workflows","volume":"25","author":"Adilson","year":"2018","journal-title":"Rev. Inform. Teor. Apl."},{"key":"ref_36","unstructured":"Pascal, H. (2021, May 24). Semantic Web. Available online: https:\/\/daselab.cs.ksu.edu\/sites\/default\/files\/2020_CACM_SWsurvey-authorversion.pdf."},{"key":"ref_37","unstructured":"Sun, J., Zhang, H., Li, Y.F., and Wang, H. (2005, January 16\u201320). Formal Semantics and Verification for Feature Modeling. Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems, Shanghai, China. Available online: https:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.119.7748&rep=rep1&type=pdf."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1775","DOI":"10.1142\/S0218194018400284","article-title":"Object-Oriented Modeling with Ontologies Around: A Survey of Existing Approaches","volume":"28","author":"Selena","year":"2018","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"ref_39","unstructured":"Calvanese, D., De Giacomo, G., Lembo, D., Len-zerini, M., Poggi, A., and Rosati, R. (2007, January 17\u201320). Ontology-Based Database Access. Proceedings of the 15th Italian Conf. on Database Systems (SEBD 2007), Fasano, Italy. Available online: https:\/\/www.ijcai.org\/Proceedings\/2018\/0777.pdf."},{"key":"ref_40","unstructured":"Leif, S. (2021, May 24). Ontology Mediated Querying with Horn Description Logics. Available online: https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13218-020-00674-7.pdf."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Maedche, A. (2003). Ontology Learning for the Semantic Web, Kluwer Academic Publishers.","DOI":"10.1007\/978-1-4615-0925-7"},{"key":"ref_42","unstructured":"(2021, May 24). Available online: http:\/\/dai.fmph.uniba.sk\/sefranek\/kri\/handbook\/chapter03.pdf."},{"key":"ref_43","unstructured":"Hustadt, U., Motik, B., and Sattler, U. (2004, January 2\u20135). Reducing SHIQ-description logic to disjunctive Datalog programs. Proceedings of the International Conference on Principles of Knowledge Representation and Reasoning (KR2004), Whistler, BC, Canada. Available online: https:\/\/www.researchgate.net\/publication\/221393441."},{"key":"ref_44","unstructured":"Sergio, T., Enrico, F., Thomas, E., Claudio, G., Siegfried, H., Marie-Christine, R., and Renate, A.S. (September, January 30). Reasoning Web: Semantic Technologies for Information Systems. Proceedings of the 5th International Summer School 2009, Brixen-Bressanone, Italy. Available online: https:\/\/link.springer.com\/content\/pdf\/10.1007%2F978-3-642-03754-2.pdf."},{"key":"ref_45","unstructured":"Andrew, L., and Ridha, K. (2016, January 23\u201326). Conto: A Prot\u00e9g\u00e9 Plugin for Configuring Ontologies. Proceedings of the 7th International Conference on Ambient Systems, Networks and Technologies (ANT), Madrid, Spain. Available online: https:\/\/pdf.sciencedirectassets.com\/280203\/."},{"key":"ref_46","unstructured":"Ban, S.M., and Ibrahiem, A. (2021, May 24). An Ontology for Mosul University. Available online: https:\/\/csmj.mosuljournals.com\/pdf_163515_d7cfe071d91dea2d36882a2219cba6b6.html."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"106174","DOI":"10.1016\/j.knosys.2020.106174","article-title":"Home service robot task planning using semantic knowledge and probabilistic inference","volume":"204","author":"Wang","year":"2020","journal-title":"Knowl. Based Syst."},{"key":"ref_48","unstructured":"Kittiphong, S., and Romchat, K. (2021, May 24). Ontology-Based Semantic Integration of Heterogeneous Data Sources Using Ontology Mapping Approach. Available online: http:\/\/www.jatit.org\/volumes\/Vol98No22\/13Vol98No22.pdf."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1016\/j.fiae.2015.03.006","article-title":"Knowledge Representation Using Type-2 Fuzzy Rough Ontologies in Ontology Web Language","volume":"7","author":"Nilavu","year":"2015","journal-title":"Fuzzy Inf. Eng."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s13326-020-00233-x","article-title":"An Ontology-Based Approach for Developing a Harmonised Data-Validation Tool for European Cancer Registration","volume":"12","author":"Nicholson","year":"2021","journal-title":"J. Biomed. Semant."},{"key":"ref_51","unstructured":"(2021, May 24). Available online: https:\/\/protege.stanford.edu\/publications\/ontology_development\/."},{"key":"ref_52","unstructured":"Robinson, E.P. (2021, May 24). Network Science and Cybersecurity. Available online: https:\/\/link.springer.com\/book\/10.1007%2F978-1-4614-7597-2https:\/\/www.researchgate.net\/profile\/Alexander_Kott\/publication\/."},{"key":"ref_53","unstructured":"Alessandro, O., and Lorrie, F. (2021, May 24). Building an Ontology of Cyber Security. Available online: pdfs.semanticscholar.org\/3590\/."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"168","DOI":"10.1007\/s11633-016-0950-1","article-title":"An Ontology-based Approach to Security Pattern Selection","volume":"13","author":"Hui","year":"2016","journal-title":"Int. J. Autom. Comput."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Cains, M.G., Flora, L., Taber, D., King, Z., and Henshel, D.S. (2021, May 24). Defining Cyber Security and Cyber Security Risk within a Multidisciplinary Context using Expert Elicitation. Available online: https:\/\/onlinelibrary.wiley.com\/doi\/full\/10.1111\/risa.13687.","DOI":"10.1111\/risa.13687"},{"key":"ref_56","unstructured":"Andrew, L., and Alicia, M. (2021, May 24). Toward Measuring Knowledge Loss due to Ontology Modularization. Available online: https:\/\/www.researchgate.net\/profile\/Andrew_Leclair\/publication\/."},{"key":"ref_57","unstructured":"Tom, G. (2021, May 24). Ontology for attack detection: An intelligent approach to web application security. Available online: http:\/\/tomgruber.org\/writing\/ontology-definition-2007.htm."},{"key":"ref_58","unstructured":"Danny, V., and Glen, R.R. (2021, May 24). Ontologies for Network Security and Future Challenges. Available online: https:\/\/www.researchgate.net\/publication\/315881325_Ontologyhttps:\/\/arxiv.org\/pdf\/1704.02441.pdf."},{"key":"ref_59","unstructured":"Debashis, M., and Chandan, M. (2021, May 24). Towards an Ontology for Enterprise Level Information Security Policy Analysis. Available online: https:\/\/www.scitepress.org\/Papers\/2021\/102480\/102480.pdf."},{"key":"ref_60","unstructured":"Lalit, M.S., Vivek, I., and Raghu, R. (2021, May 24). OntoEnricher: A Deep Learning Approach forOntology Enrichment from Unstructured Text. Available online: https:\/\/arxiv.org\/pdf\/2102.04081.pdf."},{"key":"ref_61","unstructured":"Abdul, R., Khalid, L., and Farooq, H.A. (2021, May 24). Semantic security against web application attacks. Available online: https:\/\/www.sciencedirect.com\/science\/article\/abs\/pii\/S0020025513005677."},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"12","DOI":"10.4018\/ijcwt.2012070102","article-title":"A computer network attack taxonomy and ontology","volume":"2","author":"Irwin","year":"2012","journal-title":"Int. J. Cyber Warf. Terror."},{"key":"ref_63","unstructured":"Martins, B.F., Serrano, L., Reyes, J.F., Panach, J.I., Pastor, O., and Rochwerger, B. (2021, May 24). Conceptual Characterization of Cyber security Ontologies. Available online: http:\/\/personales.upv.es\/jopana\/Files\/Conferences\/POEM2020_Conceptual_characterization.pdf."},{"key":"ref_64","unstructured":"Helmar, H., Salva, D., Christian, M., and Thomas, K. (2021, May 24). Ontology-Based Cybersecurity and Resilience Framework. Available online: https:\/\/www.scitepress.org\/Papers\/2021\/102336\/102336.pdf."},{"key":"ref_65","doi-asserted-by":"crossref","unstructured":"Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C., and Bellekens, X. (2021, May 24). Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic. Available online: https:\/\/arxiv.org\/pdf\/2006.11929.pdf.","DOI":"10.1016\/j.cose.2021.102248"},{"key":"ref_66","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jisp.2007100101","article-title":"An ontology of information security","volume":"1","author":"Herzog","year":"2007","journal-title":"Int. J. Inf. Secur. Priv."},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"Abdoli, F., Meibody, N., and Bazoubandi, R. (2010). An attack ontology for computer and networks attack. Innovations and Advances in Computer Sciences and Engineering, Springer. Available online: https:\/\/link.springer.com\/chapter\/10.1007\/978-90-481-3658-2_83.","DOI":"10.1007\/978-90-481-3658-2_83"},{"key":"ref_68","unstructured":"Mario, M., and Antonina, I. (2021, May 24). Ontology-Based Approach for Cybersecurity Recruitment. Available online: https:\/\/aip.scitation.org\/doi\/pdf\/10.1063\/5.0042320."},{"key":"ref_69","unstructured":"Momcheva, G. (2021, May 24). Social networks. Available online: http:\/\/repository.kpi.kharkov.ua\/."},{"key":"ref_70","unstructured":"David, R. (2016). UCO: A Unified Cybersecurity Ontology. AAAI Workshop: Artificial Intelligence for Cyber Security, AAAIPress. Available online: https:\/\/ebiquity.umbc.edu\/_file_directory_\/papers\/781.pdf."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/1\/2\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:07:36Z","timestamp":1760162856000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/1\/2\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,25]]},"references-count":70,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,6]]}},"alternative-id":["jcp1020018"],"URL":"https:\/\/doi.org\/10.3390\/jcp1020018","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,25]]}}}