XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks

Capítulo de livro Acesso aberto Revisado por pares

XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks

2012; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-31540-4_17

ISSN

1611-3349

Autores

Smitha Sundareswaran, Anna Squicciarini,

Tópico(s)

Information and Cyber Security

Resumo

Cross-site scripting attacks represent one of the major security threats in today's Web applications. Current approaches to mitigate cross-site scripting vulnerabilities rely on either server-based or client-based defense mechanisms. Although effective for many attacks, server-side protection mechanisms may leave the client vulnerable if the server is not well patched. On the other hand, client-based mechanisms may incur a significant overhead on the client system. In this work, we present a hybrid client-server solution that combines the benefits of both architectures. Our Proxy-based solution leverages the strengths of both anomaly detection and control flow analysis to provide accurate detection. We demonstrate the feasibility and accuracy of our approach through extended testing using real-world cross-site scripting exploits.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks