XSS Application Worms: New Internet Infestation and Optimized Protective Measures

There has been a considerable increase in application-layer attacks. Research surveys show that cross-site scripting (XSS) is the most common of all application-layer attacks. Ajax Web technology, by design, makes a number of calls to the Web server to process a user request. This increases bandwidth usage and response time because of the increase in the number of calls to the Web server. If security mechanisms are implemented to protect the application, server performance suffers further: the additional processing they require, together with the increase in the number of requests, results in increased response time. This problem demands an efficient approach that protects the Web application from XSS attacks and blocks malicious attempts before they reach the Web application. This paper presents a thread-based solution for efficient process utilization of the Web server and for preventing XSS threats. The proposed solution has been tested using Java/JSP on a JBOSS server on around 2000 vulnerable XSS inputs collected from various research sites, white hat sites and black hat sites. The model is also tested with a combination of non-vulnerable and vulnerable input to assess its performance. The approach is found to be effective compared to earlier research works.