  • DocumentCode
    525720
  • Title
    An execution-flow based method for detecting Cross-site Scripting attacks
  • Author
    Zhang, Qianjie ; Chen, Hao ; Sun, Jianhua
  • Author_Institution
    Adv. Internet & Media Lab., Hunan Univ., Changsha, China
  • fYear
    2010
  • fDate
    23-25 June 2010
  • Firstpage
    160
  • Lastpage
    165
  • Abstract
    We present an execution-flow analysis for JavaScript programs running in a web browser to prevent Cross-site Scripting (XSS) attacks. We construct finite-state automata (FSA) to model the client-side behavior of Ajax applications under normal execution. Our system is deployed in proxy mode. The proxy analyzes the execution flow of client-side JavaScript before the requested web pages arrive at the browser to prevent potentially malicious scripts, which do not conform to the FSA. We evaluate our technique against several real-world applications and the result shows that it protects against a variety of XSS attacks and has an acceptable performance overhead.
  • Keywords
    Application software; Computer languages; Electronic mail; Internet; Java; Learning automata; Monitoring; Protection; Sun; Web pages; Ajax; FSA; JavaScript; XSS;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Engineering and Data Mining (SEDM), 2010 2nd International Conference on
  • Conference_Location
    Chengdu, China
  • Print_ISBN
    978-1-4244-7324-3
  • Electronic_ISBN
    978-89-88678-22-0
  • Type
    conf
  • Filename
    5542934