Publication | Closed Access
A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
Citations: 78 | References: 4 | Year: 2004 | Venue: Unknown
Engineering, Usable Security, Information Security, Software Engineering, Source Code Analysis, Software Analysis, Cross-site Scripting, Vulnerability Assessment (Computing), Fuzzing, Automatic Detection/collection System, XSS Vulnerability, Internet Security, Security Testing, Computer Science, Security Testing Method, Software Security, Program Analysis, Software Testing, Web Servers, Vulnerability Discovery, Cross-site Scripting Vulnerability
Cross‑site scripting attacks exploit cookie‑based session management to leak privacy information, yet existing server‑side countermeasures are rarely deployed because of high overhead and limited understanding of XSS. The proposed system aims to protect users from XSS attacks and alert web servers to their vulnerabilities. It automatically detects XSS vulnerabilities by manipulating requests or responses on the client side and reports findings to a central repository.
Cross-site scripting (XSS) attacks target Web sites with cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of XSS problems. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either request or server response. The system also shares the indication of vulnerability via a central repository. The purpose of the proposed system is twofold: to protect users from XSS attacks, and to warn the Web servers with XSS vulnerabilities.