Preventing Client Side XSS with Rewrite Based Dynamic Information Flow

Xiao, Wenmin; Sun, Jianhua; Chen, Hao; Xu, Xianghua

doi:10.1109/paap.2014.10

Cited by 11 publications

(8 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To prevent illegal input on the server-side output of the script's content, wish to identify any harmful may be recognised by any input filtering system, and XSS-GUARD uses research on dynamic web applications to ask for any HTML in order to build the script set that will run. J.Sun [17] stops the browser from leaking information by using the stain model and information flow analysis, by rewriting code track framework. For this firstly we have to abstract the semantic of JavaScript and convert the code into Syntax tree for intermediate representation of JavaScript.…”

Section: Detection and Prevention Of Xss Attacksmentioning

confidence: 99%

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

2023

IJETER

View full text Add to dashboard Cite

As technology progresses, web based applications are becoming more vulnerable and threats to it’s security is increasing day by day. One of the ways by which an attacker can attack any web application is cross site scripting attack. The loop holes in a web based application can be exploited by a hacker in ways like, session-hijacking, cookie-stealing, malicious redirection etc. In this survey paper we focuses on the current XSS attack detection techniques and their limitations.

show abstract

Section: Detection and Prevention Of Xss Attacksmentioning

confidence: 99%

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

2023

IJETER

View full text Add to dashboard Cite

show abstract

“…Essentially, the researchers [50] proposed that the objective of this approach is to detect any questionable JavaScript code. Tainted-browsing technology is used.…”

Section: Conclusion and Suggestionsmentioning

confidence: 99%

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Weamie¹

2022

IJCNS

View full text Add to dashboard Cite

The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers' defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.

show abstract

“…To safeguard the web application from XSS attacks, an execution flow analyzer has been built that can emulate client program behavior [29]. A browser proxy has been designed to secure the security of sensitive data using an information flow approach [30]. A server-side approach has been implemented in some research that limits user input from untrusted sites, removes the nooutput script, and readily accommodates complicated attacks [31]- [35].…”

Section: Descriptive Analysismentioning

confidence: 99%

“…Several researchers have produced some technologies that can reduce XSS attacks from online applications by taking into account design, coding, testing, and incorporating validation [26], [27], [36]- [38]. Need to modify the web source code Xiao et al [30] information flow The security of sensitive data is ensured by using JSTFlow as a browser proxy…”

Section: Descriptive Analysismentioning

confidence: 99%

Important factors to remember when constructing a cross-site scripting prevention mechanism

et al. 2022

View full text Add to dashboard Cite

Web application has become an essential part of daily activities to provide easy accessibility that ensures better performance. It is a platform where sensitive information such as username, password, credit card details, operating system and software version. is stored that attracts intruders to generate most of their attacks. Intruders can steal valuable data by compromising web application security flaws; cross site scripting (XSS) vulnerability is one of these. Several studies have been conducted in order to prevent the XSS vulnerability. In this research, we searched Scopus Indexed articles published in the last 11 years (between 2008 and 2020) using two keywords (“XSS attack prevention” and “XSS prevention”). The purpose of this study was to conduct a literature review on XSS prevention techniques e.g., strengths and weaknesses, including structural issues and real-time deployment location in order to extract valuable information. This review identified 14 articles among the 25 selected articles that provided various suitable prevention techniques for XSS attacks. Seven articles are based on tools that have been implemented and take into account design, coding, testing, and integrating validation processes, six articles are about server site solutions, and one is about automatic mitigation solutions. As a result, this research will be invaluable in guiding the advancement of XSS prevention techniques.

show abstract

Preventing Client Side XSS with Rewrite Based Dynamic Information Flow

Cited by 11 publications

References 15 publications

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

An Analysis of the Prevention and Detection of Cross Site Scripting Attack

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Important factors to remember when constructing a cross-site scripting prevention mechanism

Contact Info

Product

Resources

About