Detecting in-flight page changes with web tripwires
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Protecting the Intranet Against "JavaScript Malware" and Related Attacks
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Prevention of cross-site scripting attacks on current web applications
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
An architecture for enforcing end-to-end access control over web applications
Proceedings of the 15th ACM symposium on Access control models and technologies
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
A survey on detection techniques to prevent cross-site scripting attacks on current web applications
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Securing web-clients with instrumented code and dynamic runtime monitoring
Journal of Systems and Software
| Hi-index | 0.00 |
Cross-site scripting (XSS) attacks target web sites withCookie-based session management, resulting in the leakageof privacy information. Although several server-side countermeasuresfor XSS attacks do exist, such techniques havenot been applied in a universal manner, because of theirdeployment overhead and the poor understanding of XSSproblems. This paper proposes a client-side system that automaticallydetects XSS vulnerability by manipulating eitherrequest or server response. The system also shares theindication of vulnerability via a central repository. The purposeof the proposed system is twofold: to protect users fromXSS attacks, and to warn the web servers with XSS vulnerabilities.