Optimized client side solution for cross site scripting
暂无分享,去创建一个
The rapid growth of internet resulted in feature rich, dynamic Web applications. This increase in features also introduced completely new underestimated attack vectors. Cross site scripting (XSS) attacks are currently the most exploited security problems in modern Web applications. These attacks make use of vulnerabilities in the code of Web-applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input. Several server-side countermeasures for XSS attacks do exist, but such techniques have not been universally applied, because of their deployment overhead. The existing client-side solutions degrade the performance of client¿s system resulting in a poor Web surfing experience. This paper introduces a client side solution that uses a step by step approach to detect XSS, without degrading much the user¿s Web browsing experience.
[1] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[2] Richard Sharp,et al. Abstracting application-level web security , 2002, WWW.
[3] Shih-Kun Huang,et al. Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.
[4] Richard Sharp,et al. Specifying and Enforcing Application-Level Web Security Policies , 2003, IEEE Trans. Knowl. Data Eng..