Bibliographic Details
| Title: |
XSS-immune: a Google chrome extension-based XSS defensive framework for contemporary platforms of web applications. |
| Authors: |
Gupta, Shashank, Gupta, Brij Bhooshan |
| Source: |
Security & Communication Networks; 11/25/2016, Vol. 9 Issue 17, p3966-3986, 21p |
| Subject Terms: |
HTTP (Computer network protocol), PERFORMANCE evaluation, CONTEXT-aware computing, WEB-based user interfaces |
| Reviews & Products: |
GOOGLE Chrome (Computer software) |
| Abstract: |
In this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and based on that, proposed a JavaScript string comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in hypertext transfer protocol request ( HREQ) and hypertext transfer protocol response ( HRES) for discovering any similar untrusted/malicious JavaScript code. This similar code points towards the untrusted JavaScript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from the real world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing JavaScript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on the Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptable low false positive and false negative rate in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on client-side browser and computationally fast execution of modules deployed in our browser-resident framework. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR] |
|
Copyright of Security & Communication Networks is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: |
Complementary Index |
Full Text Finder 
Nájsť tento článok vo Web of Science