Title :
Analysis and prevention for cross-site scripting attack based on encoding
Author :
Ding Lan ; Wu ShuTing ; Ye Xing ; Zhang Wei
Author_Institution :
Dept. of Intell. & Reconnaissance, Special Police Acad., Beijing, China
Abstract :
With the development of Web application, cross-site scripting attacks have been rapidly increasing, and the technique of those attacks is constantly updating. There has been some special advanced attacks such as the one based on encoding. In this paper we analyze two kinds of those attacks respectively based on the binary and N-ray alphabets encoding, then presents a dynamically access control method to prevent them by means of the existing detection and prevention technology of cross-site scripting attack, making up the existing approach being lack of the practicality, and the experimental results verify the feasibility and practicality of our protection mechanism.
Keywords :
Internet; authorisation; encoding; N-ray alphabets encoding; Web application; access control method; cross-site scripting attack; protection mechanism; Encoding; Europe; HTML; Robustness; Security; Web servers; Cross Site Scripting Attack; Cross-domain Access; Encoding Based on N-ary Alphabets; Web Application;
Conference_Titel :
Electronics Information and Emergency Communication (ICEIEC), 2013 IEEE 4th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/ICEIEC.2013.6835463
