A client‐server JavaScript code rewriting‐based framework to detect the XSS worms from online social network

Summary This article presents a client‐server JavaScript code rewriting‐based framework that protects and preserves the privacy of online users against XSS worms on Online Social Network (OSN). The server‐side generates an estimation graph which is explored for extracting the JavaScript code and shi...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Concurrency and computation Ročník 31; číslo 21
Hlavní autoři: Gupta, Shashank, Gupta, B.B., Chaudhary, Pooja
Médium: Journal Article
Jazyk:angličtina
Vydáno: Hoboken Wiley Subscription Services, Inc 10.11.2019
Témata:
Applications programs
Computer worms
Cross‐Site Scripting (XSS) worms
Decoding
Hypertext
Java
Online Social Networking (OSN) security
RSS technology
Social networks
untrusted JavaScript code
web security
XSS filters
ISSN:1532-0626, 1532-0634
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Summary This article presents a client‐server JavaScript code rewriting‐based framework that protects and preserves the privacy of online users against XSS worms on Online Social Network (OSN). The server‐side generates an estimation graph which is explored for extracting the JavaScript code and shifts such code in a separate file. This shifting is done for completely isolating the untrusted JavaScript code and data. The client‐side performs runtime monitoring of the dynamic JavaScript code to recognize the tainted flow of untrusted JavaScript variables. The context of such dynamic tainted variables is determined, for performing the string analysis to examine whether it may be considered as vulnerable point or not. Finally, decoding operation is performed on the obfuscated malicious JavaScript code and the JavaScript code embedded in the parameter values of HTTP request. If match is found, then XSS attack vector is present. Otherwise, it is not. The authors have developed their prototype on the Java development framework and have estimated the malicious script alleviation capability of this proposed work on tested web applications (Humhub, Elgg, WordPress, Joomla, Drupal).
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1532-0626
1532-0634
DOI:10.1002/cpe.4646