Protection, usability and improvements in reflected XSS filters

Pelizzi, Riccardo; Sekar, R.

doi:10.1145/2414456.2414458

Cited by 34 publications

(17 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, numerous researchers and vendors of web browsers have designed XSS filters that are integrated as an extension on different web browsers for alleviating the XSS worms from different platforms of modern web applications. We have explored the four finest XSS filters (NoScript [14], IE 8 [15], XSSAuditor [16], and XSSFilt [17]) and identified that they are either unsatisfactorily slow or can be simply evaded.…”

Section: Existing Challenges and Performance Issues In Recent Cross-smentioning

confidence: 99%

“…XSSFilt [17] XSSAuditor [16] NoScript [14] Internet Explorer 8 [15] noXSS [30] Sun et al Attacks utilized for evading step 1 Exploitation of various browser parsing quirks Browser parsing quirks create a problem for these filters as they try to discover scripts via statically parsing HTML. XSS-immune runs by extracting the script nodes before being transmitted towards JavaScript engine and therefore cannot undergo such problem.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications

Gupta

2016

Security Comm Networks

View full text Add to dashboard Cite

In this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and based on that, proposed a JavaScript string comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in hypertext transfer protocol request (H REQ ) and hypertext transfer protocol response (H RES ) for discovering any similar untrusted/malicious JavaScript code. This similar code points towards the untrusted JavaScript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from the real world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing JavaScript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on the Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptable low false positive and false negative rate in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on client-side browser and computationally fast execution of modules deployed in our browser-resident framework.

show abstract

Section: Existing Challenges and Performance Issues In Recent Cross-smentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications

Gupta

2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…NoXSS [10] adopts a longest common subsequence algorithm, which allows parts of a substring to be present in an input parameter while missing in a response. XSSFilt [11] relies on an approximate, rather than exact, string match to be able to identify taint in the presence of simple sanitization or normalization operations used by a web application. These techniques have been proven to be useful in inferring taints that may cause XSS.…”

Section: Taint Inferencementioning

confidence: 99%

“…There is one key difference that should be noted. In existing taint inference techniques, [11], [13], [14], the edit distance is used as a measure, and an object function is then used to minimize the edit distance between two sequences. The edit distance, also referred to as the Levenshtein distance, is the minimum number of edit operations (that is, insertions, deletions, and substitutions) needed to transform one sequence into another.…”

Section: Tackling Url Rewriting By Local Sequence Alignmentmentioning

confidence: 99%

Taint Inference for Cross-Site Scripting in Context of URL Rewriting and HTML Sanitization

Pan¹,

Mao²,

Li³

2016

ETRI J

View full text Add to dashboard Cite

Currently, web applications are gaining in prevalence. In a web application, an input may not be appropriately validated, making the web application susceptible to cross‐site scripting (XSS), which poses serious security problems for Internet users and websites to whom such trusted web pages belong. A taint inference is a type of information flow analysis technique that is useful in detecting XSS on the client side. However, in existing techniques, two current practical issues have yet to be handled properly. One is URL rewriting, which transforms a standard URL into a clearer and more manageable form. Another is HTML sanitization, which filters an input against blacklists or whitelists of HTML tags or attributes. In this paper, we make an analogy between the taint inference problem and the molecule sequence alignment problem in bioinformatics, and transfer two techniques related to the latter over to the former to solve the aforementioned yet‐to‐be‐handled‐properly practical issues. In particular, in our method, URL rewriting is addressed using local sequence alignment and HTML sanitization is modeled by introducing a removal gap penalty. Empirical results demonstrate the effectiveness and efficiency of our method.

show abstract

“…In XSS, one of the severe cases is that the attacker could steal victim's session cookie to hijack victim's session and take over victim's account. To cope with the XSS cookie stealing problem, research work [15] [25] [33] [36] [44] has delivered promising results to counter against the cookie stealing problem. To overcome these defense techniques, cyber-criminals will have to switch to a different attack other than stealing user cookies, namely CSRF.…”

Section: Introductionmentioning

confidence: 99%

Light-Weight CSRF Protection by Labeling User-Created Contents

Sung

Cho

Wang

et al. 2013

2013 IEEE 7th International Conference on Software Security and Reliability

View full text Add to dashboard Cite

Cross-site request forgery (CSRF/XSRF) is a serious vulnerability in Web 2.0 environment. With CSRF, an adversary can spoof the payload of an HTTP request and entice the victim's browser to transmit an HTTP request to the web server. Consequently, the server cannot determine legitimacy of the HTTP request. This paper presents a light-weight CSRF prevention method by introducing a quarantine system to inspect suspicious scripts on the server-side. Instead of using script filtering and rewriting approach, this scheme is based on a new labeling mechanism (we called it Content Box) which enables the web server to distinguish the malicious requests from the harmless requests without the need to modify the user created contents (UCCs). Consequently, a malicious request can be blocked when it attempts to access critical web services that was defined by the web administrator. To demonstrate the effectiveness of the proposed scheme, the proposed scheme was implemented and the performance was evaluated.

show abstract

Protection, usability and improvements in reflected XSS filters

Cited by 34 publications

References 13 publications

XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications

XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications

Taint Inference for Cross-Site Scripting in Context of URL Rewriting and HTML Sanitization

Light-Weight CSRF Protection by Labeling User-Created Contents

Contact Info

Product

Resources

About