Title :
XSSmon: A Perl based IDS for the detection of potential XSS attacks
Author :
Frenz, Christopher M. ; Yoon, Jong P.
Author_Institution :
Dept. of Math. & Comput. Sci., Mercy Coll., Dobbs Ferry, NY, USA
Abstract :
Recent years have seen an explosion in the number of cross site scripting (XSS) incidents affecting Web sites and Web applications. As such, an intrusion detection system (IDS) capable of detecting potential cross site scripting attacks is demonstrated. The IDS involves the capturing of potential client side executable content on a Web page and the hashing of that content. At a future point in time, the Web page is reprocessed for client side executable content and the content rehashed, with any differences in the hash values indicative of a potential XSS attack. It is believed that the described IDS technique would be particularly useful for Web forums and other user content driven sites, since the IDS only considers content recognized as potentially executable and not normal text content, such as that which would be typically enclosed in paragraph or heading tags.
Keywords :
Perl; Web sites; security of data; Perl based IDS technique; Web page; Web sites; XSSmon; intrusion detection system; potential XSS attack detection; potential client side executable content; potential cross site scripting attack detection; Browsers; HTML; Intrusion detection; Vectors; Web pages; Perl; XSS; information security; intrusion detection;
Conference_Titel :
Systems, Applications and Technology Conference (LISAT), 2012 IEEE Long Island
Conference_Location :
Farmingdale, NY
Print_ISBN :
978-1-4577-1342-2
DOI :
10.1109/LISAT.2012.6223107