The Design and Implementation of the Random HTML Tags and Attributes-Based XSS Defence System
暂无分享,去创建一个
At present, cross site scripting (XSS) is still one of the biggest threat for Internet security. But the defensive approach is still feature matching mostly; that is, to check for a matching and filter in all information submitted. However, filtering technology has many disadvantages as heavy-workload, complex-operation, high-risk and so on. For this reason, our system use the randomization techniques of HTML tags and attributes innovatively, based on the prefix of HTML tags and attributes, to determine the tags and attributes are Web designers expect to generate or other users insert in, and then we follow the results to carry out different policies, only tags and attributes that Web designers expected to generate can be rendered and implemented. By this way, we can defend against XSS attacks completely. The test results show that the system is able to solve a variety of problems in filtering technology. It uses simple and convenient operation and safe and secure effect to free developers from heavy filtering work. System has a good compatibility and portability across platforms, it also can connect with all web-based applications seamlessly. In all, system defend against XSS better and meet the need of today’s XSS attacks defence.
[1] Franz Wotawa,et al. XSS pattern for attack modeling in testing , 2013, 2013 8th International Workshop on Automation of Software Test (AST).
[2] PageKicker Robot Phil. OWASP Top 10: The Top 10 Most Critical Web Application Security Threats Enhanced with Text Analytics and Content by PageKicker Robot Phil 73 , 2014 .