• DocumentCode
    2859162
  • Title

    S2XS2: A Server Side Approach to Automatically Detect XSS Attacks

  • Author

    Shahriar, Hossain ; Zulkernine, Mohammad

  • Author_Institution
    Sch. of Comput., Queen's Univ., Kingston, ON, Canada
  • fYear
    2011
  • fDate
    12-14 Dec. 2011
  • Firstpage
    7
  • Lastpage
    14
  • Abstract
    Cross site scripting (XSS) vulnerabilities are widespread in web-based programs. Server side detection of suspected contents can mitigate XSS exploitations early. Unfortunately, existing server side approaches impose modification of server and client side environments. In this paper, we develop an automated framework to detect XSS attacks at the server side based on the notion of boundary injection and policy generation. Boundaries mark content generation locations in server script code. We derive expected benign features of dynamic contents that are matched during response page generation to detect attacks. We develop a prototype tool to automatically insert boundaries and generate policies for JSP programs. We evaluate the approach with four JSP programs. The results indicate that the approach detects most of the well-known XSS attacks. Moreover, the false positive rates vary between zero and 5.2%. The approach suffers from negligible runtime overhead.
  • Keywords
    Internet; security of data; Web-based programs; XSS attacks; XSS exploitations; boundary injection; content generation; cross site scripting vulnerabilities; policy generation; response page generation; server script code; server side approach; server side detection; Browsers; Context; Feature extraction; HTML; Instruments; Runtime; Servers; XSS; boundary injection; policy generation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
  • Conference_Location
    Sydney, NSW
  • Print_ISBN
    978-1-4673-0006-3
  • Type

    conf

  • DOI
    10.1109/DASC.2011.26
  • Filename
    6118345