View in EDS

XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript Code.

Saved in:

Bibliographic Details
Title:	XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript Code.
Authors:	Gupta, Shashank, Gupta, B.
Source:	Arabian Journal for Science & Engineering (Springer Science & Business Media B.V. ); Mar2016, Vol. 41 Issue 3, p897-920, 24p
Subject Terms:	JAVASCRIPT programming language, HTML (Document markup language), WEB-based user interfaces
Abstract:	Nowadays, Web applications are considered to be one of the most ubiquitous platforms for providing the information and service release over the World Wide Web, particularly those deployed in health care, banking, e-commerce operations, etc. Boom of social networking sites and modern Web applications that transfer dynamic information to the client-side Web browsers has increased the user-generated and feature-rich HTML content on the Internet. This enhanced HTML content includes a malicious attack vector for Web-related attacks. Cross-site scripting (XSS) attacks are presently the most exploited security problems in modern Web applications and activated by an attacker to utilize the vulnerabilities of the poorly written Web application source code. Users across all over the popular social networking Web sites are exposed to XSS attacks. These attacks are generally caused by the malicious scripts, which do not validate the user-injected input appropriately and exploit the vulnerabilities in the source code of the Web applications. It results in the loss of confidential information such as stealing of cookies, theft of passwords, and other private credentials. In this paper, we propose a robust framework known as XSS-SAFE (Cross-Site Scripting Secure Web Application FramEwork), which is a server-side automated framework for the detection and mitigation of XSS attacks. XSS-SAFE is designed based on the idea of injecting the features of JavaScript and introduced an idea of injecting the sanitization routines in the source code of JavaScript to detect and mitigate the malicious injected XSS attack vectors. We repeatedly inject the feature content, generate rules, and insert sanitization routines for the discovery of XSS attacks. We have evaluated our approach on five real-world JavaServer Pages (JSP) programs. The results indicate that XSS-SAFE detects and mitigates most of the previously known and unknown XSS attacks with minimum false positives, zero false-negative rate, and low runtime overhead. [ABSTRACT FROM AUTHOR]
	Copyright of Arabian Journal for Science & Engineering (Springer Science & Business Media B.V. ) is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database:	Complementary Index

Full Text Finder

Nájsť tento článok vo Web of Science

Description
Abstract:	Nowadays, Web applications are considered to be one of the most ubiquitous platforms for providing the information and service release over the World Wide Web, particularly those deployed in health care, banking, e-commerce operations, etc. Boom of social networking sites and modern Web applications that transfer dynamic information to the client-side Web browsers has increased the user-generated and feature-rich HTML content on the Internet. This enhanced HTML content includes a malicious attack vector for Web-related attacks. Cross-site scripting (XSS) attacks are presently the most exploited security problems in modern Web applications and activated by an attacker to utilize the vulnerabilities of the poorly written Web application source code. Users across all over the popular social networking Web sites are exposed to XSS attacks. These attacks are generally caused by the malicious scripts, which do not validate the user-injected input appropriately and exploit the vulnerabilities in the source code of the Web applications. It results in the loss of confidential information such as stealing of cookies, theft of passwords, and other private credentials. In this paper, we propose a robust framework known as XSS-SAFE (Cross-Site Scripting Secure Web Application FramEwork), which is a server-side automated framework for the detection and mitigation of XSS attacks. XSS-SAFE is designed based on the idea of injecting the features of JavaScript and introduced an idea of injecting the sanitization routines in the source code of JavaScript to detect and mitigate the malicious injected XSS attack vectors. We repeatedly inject the feature content, generate rules, and insert sanitization routines for the discovery of XSS attacks. We have evaluated our approach on five real-world JavaServer Pages (JSP) programs. The results indicate that XSS-SAFE detects and mitigates most of the previously known and unknown XSS attacks with minimum false positives, zero false-negative rate, and low runtime overhead. [ABSTRACT FROM AUTHOR]
ISSN:	2193567X
DOI:	10.1007/s13369-015-1891-7