Defeating Cyber Attacks Due to Script Injection

Aggressors conduct offensive operations using the computer as a tool or a target, resulting in cyber attacks on the web applications of an organization or on the infrastructure of an entire nation. Depending on the attacker's target, one can classify some of the most frequently occurring cyber attacks into five broad categories. This paper reports some of the common methods adopted in conducting these attacks and the techniques for defending against them. It mainly addresses the possibility of cyber attacks due to the execution of malicious or unintended scripts. It formulates a method for verifying a web document and performs experiments on the client side using the document's benign script structure. This method is capable of detecting any malicious script inserted into the web document during transport from server to client, or due to previously stored content in the client or server operation. Satisfactory results were obtained with both a self-generated and a publicly available data set.
