XSS-Dec: A hybrid solution to mitigate cross-site scripting attacks

Smitha Sundareswaran, Anna Cinzia Squicciarini

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Scopus citations

Abstract

Cross-site scripting attacks represent one of the major security threats in today's Web applications. Current approaches to mitigate cross-site scripting vulnerabilities rely on either server-based or client-based defense mechanisms. Although effective for many attacks, server-side protection mechanisms may leave the client vulnerable if the server is not well patched. On the other hand, client-based mechanisms may incur a significant overhead on the client system. In this work, we present a hybrid client-server solution that combines the benefits of both architectures. Our Proxy-based solution leverages the strengths of both anomaly detection and control flow analysis to provide accurate detection. We demonstrate the feasibility and accuracy of our approach through extended testing using real-world cross-site scripting exploits.

Original languageEnglish (US)
Title of host publicationData and Applications Security and Privacy XXVI - 26th Annual IFIP WG 11.3 Conference, DBSec 2012, Proceedings
Pages223-238
Number of pages16
DOIs
StatePublished - Aug 1 2012
Event26th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2012 - Paris, France
Duration: Jul 11 2012Jul 13 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7371 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other26th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2012
CountryFrance
CityParis
Period7/11/127/13/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'XSS-Dec: A hybrid solution to mitigate cross-site scripting attacks'. Together they form a unique fingerprint.

  • Cite this

    Sundareswaran, S., & Squicciarini, A. C. (2012). XSS-Dec: A hybrid solution to mitigate cross-site scripting attacks. In Data and Applications Security and Privacy XXVI - 26th Annual IFIP WG 11.3 Conference, DBSec 2012, Proceedings (pp. 223-238). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7371 LNCS). https://doi.org/10.1007/978-3-642-31540-4_17