Designing a XSS defensive framework for web servers deployed in the existing smart city infrastructure
Saved in:
| Title: | Designing a XSS defensive framework for web servers deployed in the existing smart city infrastructure |
|---|---|
| Authors: | Gupta, Brij B., Chaudhary, Pooja, Gupta, Shashank |
| Source: | Gupta, B B, Chaudhary, P & Gupta, S 2020, 'Designing a XSS defensive framework for web servers deployed in the existing smart city infrastructure', Journal of Organizational and End User Computing, vol. 32, no. 4, pp. 85-111. https://doi.org/10.4018/JOEUC.2020100105 |
| Publication Year: | 2020 |
| Subject Terms: | Smart City Cyber Security, Trusted Remark Statement Injection, Untrusted Javascript Code, XSS Attack |
| Description: | Cross-site scripting is one of the notable exceptions effecting almost every web application. Hence, this article proposed a framework to negate the impact of the XSS attack on web servers deployed in one of the major applications of the Internet of Things (IoT) i.e. the smart city environment. The proposed framework implements 2 approaches: first, it executes vulnerable flow tracking for filtering injected malicious scripting code in dynamic web pages. Second, it accomplished trusted remark generation and validation for unveiling any suspicious activity in static web pages. Finally, the filtered and modified webpage is interfaced to the user. The prototype of the framework has been evaluated on a suite of real-world web applications to detect XSS attack mitigation capability. The performance analysis of the framework has revealed that this framework recognizes the XSS worms with very low false positives, false negatives and acceptable performance overhead as compared to existent XSS defensive methodologies. |
| Document Type: | article in journal/newspaper |
| File Description: | application/pdf |
| Language: | English |
| DOI: | 10.4018/JOEUC.2020100105 |
| Availability: | https://researchers.mq.edu.au/en/publications/4c662184-8557-4c25-9038-d788aaca9e46 https://doi.org/10.4018/JOEUC.2020100105 https://research-management.mq.edu.au/ws/files/165796648/165497384.pdf |
| Rights: | info:eu-repo/semantics/openAccess |
| Accession Number: | edsbas.A8561182 |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Cross-site scripting is one of the notable exceptions effecting almost every web application. Hence, this article proposed a framework to negate the impact of the XSS attack on web servers deployed in one of the major applications of the Internet of Things (IoT) i.e. the smart city environment. The proposed framework implements 2 approaches: first, it executes vulnerable flow tracking for filtering injected malicious scripting code in dynamic web pages. Second, it accomplished trusted remark generation and validation for unveiling any suspicious activity in static web pages. Finally, the filtered and modified webpage is interfaced to the user. The prototype of the framework has been evaluated on a suite of real-world web applications to detect XSS attack mitigation capability. The performance analysis of the framework has revealed that this framework recognizes the XSS worms with very low false positives, false negatives and acceptable performance overhead as compared to existent XSS defensive methodologies. |
|---|---|
| DOI: | 10.4018/JOEUC.2020100105 |