XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks

Abstract: Cross-site scripting attacks represent one of the major security threats in today's Web applications. Current approaches to mitigate cross-site scripting vulnerabilities rely on either server-based or client-based defense mechanisms. Although effective for many attacks, server-side protection mechanisms may leave the client vulnerable if the server is not well patched. On the other hand, client-based mechanisms may incur a significant overhead on the client system. In this work, we present a hybrid client-server solution that combines the benefits of both architectures. Our proxy-based solution leverages the strengths of both anomaly detection and control flow analysis to provide accurate detection. We demonstrate the feasibility and accuracy of our approach through extended testing using real-world cross-site scripting exploits.

Document type: Conference papers
Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.223-238, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_17〉

https://hal.inria.fr/hal-01534769
Contributor: Hal Ifip
Submitted on: Thursday, June 8, 2017 - 11:06:33 AM
Last modification on: Thursday, October 4, 2018 - 4:24:05 PM
Document(s) archived on: Saturday, September 9, 2017 - 12:22:46 PM

File

978-3-642-31540-4_17_Chapter.p...
Files produced by the author(s)

Licence

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Smitha Sundareswaran, Anna Squicciarini. XSS-Dec: A Hybrid Solution to Mitigate Cross-Site Scripting Attacks. Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.223-238, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_17〉. 〈hal-01534769〉

Metrics

Record views: 124
Files downloads: 24