DocumentCode :
2778764
Title :
A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
Author :
Ismail, Omar ; Etoh, Masashi ; Kadobayashi, Youki ; Yamaguchi, Suguru
Author_Institution :
Graduate Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Japan
Volume :
1
fYear :
2004
fDate :
2004
Firstpage :
145
Abstract :
Cross-site scripting (XSS) attacks target Web sites with cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of XSS problems. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either request or server response. The system also shares the indication of vulnerability via a central repository. The purpose of the proposed system is twofold: to protect users from XSS attacks, and to warn the Web servers with XSS vulnerabilities.
Keywords :
Internet; Web sites; client-server systems; data privacy; security of data; telecommunication security; Web servers; automatic collection system; automatic detection system; cookie-based session management; cross-site scripting attacks; cross-site scripting vulnerability; information leakage; information privacy; Information retrieval; Information science; Leak detection; Privacy; Proposals; Protection; Protocols; Technology management; Web server
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on
Print_ISBN :
0-7695-2051-0
Type :
conf
DOI :
10.1109/AINA.2004.1283902
Filename :
1283902