Title :
An Implementation of the Binding Mechanism in the Web Browser for Preventing XSS Attacks: Introducing the Bind-Value Headers
Author :
Iha, Genta ; Doi, Hiroshi
Author_Institution :
Grad. Sch. of Inf. Security, Inst. of Inf. Security, Yokohama
Abstract :
Today, cross-site scripting (XSS) vulnerability is one of the major problems of web application security. To prevent XSS attacks, there are several solutions based on blacklist filtering or whitelist filtering. Unfortunately, these solutions cannot solve XSS vulnerabilities completely. In this paper, we propose a binding mechanism, which is comparable to the binding mechanism for SQL. Furthermore, this paper shows the evaluation results of this mechanism by implementing this mechanism into the web browser (Firefox 3.0).
Keywords :
SQL; authorisation; online front-ends; SQL; Web browser; XSS attack; bind-value header; blacklist filtering; cross-site scripting vulnerability; whitelist filtering; Availability; Computer bugs; HTML; Impedance matching; Information filtering; Information filters; Information security; Internet; Java; Protection; Binding Mechanism; Cross-site Scripting; Web Application Security; Web Browser;
Conference_Title :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.19