• DocumentCode
    2267804
  • Title
    Risk mitigation for cross site scripting attacks using signature based model on the server side
  • Author
    Shanmugam, Jayamsakthi ; Ponnavaikko, M.
  • Author_Institution
    SRM Univ., Chennai
  • fYear
    2007
  • fDate
    13-15 Aug. 2007
  • Firstpage
    398
  • Lastpage
    405
  • Abstract
    Researchers and industry experts state that Cross-site Scripting (XSS) is the topmost vulnerability in web applications. Attacks on web applications are increasing with the implementation of newer technologies, new HTML tags and new JavaScript functions. This demands an efficient approach on the server side to protect the users of the application. The proposed signature-based misuse detection approach introduces a security layer on top of the web application, so that the existing web application remains unchanged whenever a new threat is introduced that demands new security mechanisms. Web pages that are newly introduced in the web application need not be changed to incorporate the security mechanisms, as the solution is implemented on top of the web application. To test the effectiveness of this approach, the vulnerable web inputs listed on research sites and black-hat hacker sites are considered. The proposed security system was run on a JBoss server and tested on the vulnerable inputs collected from the above sites. Around 100 variants of XSS attacks were found during the testing. The approach has been found to be very effective, as it addresses the vulnerabilities at the granular level of tags and attributes, in addition to addressing the XSS vulnerabilities.
  • Keywords
    Internet; Java; security of data; JBoss server; Java script functions; Web applications; black-hat hacker sites; cross site scripting attacks; cross-site scripting; misuse detection; risk mitigation; security mechanism; signature based model; Authentication; Computer hacking; Computer science education; Credit cards; HTML; Java; Security; Testing; Uniform resource locators; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer and Computational Sciences, 2007. IMSCCS 2007. Second International Multi-Symposiums on
  • Conference_Location
    Iowa City, IA
  • Print_ISBN
    978-0-7695-3039-0
  • Type
    conf
  • DOI
    10.1109/IMSCCS.2007.82
  • Filename
    4392632