Injecting Comments to Detect JavaScript Code Injection Attacks

Most web programs are vulnerable to cross site scripting (XSS) that can be exploited by injecting JavaScript code. Unfortunately, injected JavaScript code is difficult to distinguish from the legitimate code at the client side. Given that, server side detection of injected JavaScript code can be a l...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2011 IEEE 35th IEEE Annual Computer Software and Applications Conference Workshops s. 104 - 109
Hlavní autoři: Shahriar, H., Zulkernine, M.
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.07.2011
Témata:
Browsers
Comment injection
Feature extraction
HTML
Information filters
JavaScript code injection
Runtime
Servers
Web pages
ISBN:9781457709807, 1457709805
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Most web programs are vulnerable to cross site scripting (XSS) that can be exploited by injecting JavaScript code. Unfortunately, injected JavaScript code is difficult to distinguish from the legitimate code at the client side. Given that, server side detection of injected JavaScript code can be a layer of defense. Existing server side approaches rely on identifying legitimate script code, and an attacker can circumvent the technique by injecting legitimate JavaScript code. Moreover, these approaches assume that no JavaScript code is downloaded from third party websites. To address these limitations, we develop a server side approach that distinguishes injected JavaScript code from legitimate JavaScript code. Our approach is based on the concept of injecting comment statements containing random tokens and features of legitimate JavaScript code. When a response page is generated, JavaScript code without or incorrect comment is considered as injected code. Moreover, the valid comments are checked for duplicity. Any presence of duplicate comments or a mismatch between expected code features and actually observed features represents JavaScript code as injected. We implement a prototype tool that automatically injects JavaScript comments and deploy injected JavaScript code detector as a server side filter. We evaluate our approach with three JSP programs. The evaluation results indicate that our approach detects a wide range of code injection attacks.
ISBN:9781457709807
1457709805
DOI:10.1109/COMPSACW.2011.27