Moving Target Defense Against Cross-Site Scripting Attacks (Position Paper)

Capítulo de livro Revisado por pares

Moving Target Defense Against Cross-Site Scripting Attacks (Position Paper)

2015; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-319-17040-4_6

ISSN

1611-3349

Autores

Joe Portner, Joel Kerr, Bill Chu,

Tópico(s)

Advanced Malware Detection Techniques

Resumo

We present a new method to defend against cross-site scripting (XSS) attacks. Our approach is based on mutating symbols in the JavaScript language and leveraging commonly used load-balancing mechanisms to deliver multiple copies of a website using different versions of the JavaScript language. A XSS attack that injects unauthorized JavaScript code can thus be easily detected. Our solution achieves similar benefits in XSS protection as Content Security Policy (CSP), a leading web standard to prevent cross site scripting, but can be much more easily adopted because refactoring of websites is not required.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Moving Target Defense Against Cross-Site Scripting Attacks (Position Paper)