DocumentCode
2778764
Title
A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
Author
Ismail, Omar ; Etoh, Masashi ; Kadobayashi, Youki ; Yamaguchi, Suguru
Author_Institution
Graduate Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Japan
Volume
1
fYear
2004
fDate
2004
Firstpage
145
Abstract
Cross-site scripting (XSS) attacks target Web sites with cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of XSS problems. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either request or server response. The system also shares the indication of vulnerability via a central repository. The purpose of the proposed system is twofold: to protect users from XSS attacks, and to warn the Web servers with XSS vulnerabilities.
Keywords
Internet; Web sites; client-server systems; data privacy; security of data; telecommunication security; Web servers; Web sites; automatic collection system; automatic detection system; cookie-based session management; cross-site scripting attacks; cross-site scripting vulnerability; information leakage; information privacy; Information retrieval; Information science; Internet; Leak detection; Privacy; Proposals; Protection; Protocols; Technology management; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on
Print_ISBN
0-7695-2051-0
Type
conf
DOI
10.1109/AINA.2004.1283902
Filename
1283902