Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
XSS attacks are the number one attack against Web applications. Web applications are becoming the dominant way to provide access to online services. In this paper, however, we deal with protecting some resources, such as cookies, using cryptography. Our research proposes a method to prevent attackers from using stolen cookies by encrypting the data that will be stored in the cookie. We assume that a user's profile can be stored in a cookie, so we should encrypt such data with a dynamic key derived from some dynamic inputs. Each time a user logs in to the web site, a new key is generated and stored in the database. We also assume that the database is protected by a server-side mechanism, so we deal only with client-side protection.