
Analysis of Browser Defenses against XSS Attack Vectors

IJCA Proceedings on International conference on Green Computing and Technology
© 2013 by IJCA Journal
ICGCT - Number 3
Year of Publication: 2013
Authors:
Shital Dhamal
Manisha Mathur

Shital Dhamal and Manisha Mathur. Article: Analysis of Browser Defenses against XSS Attack Vectors. IJCA Proceedings on International conference on Green Computing and Technology ICGCT(3):6-10, October 2013. Full text available. BibTeX

@article{key:article,
	author = {Shital Dhamal and Manisha Mathur},
	title = {Article: Analysis of Browser Defenses against XSS Attack Vectors},
	journal = {IJCA Proceedings on International conference on Green Computing and Technology},
	year = {2013},
	volume = {ICGCT},
	number = {3},
	pages = {6-10},
	month = {October},
	note = {Full text available}
}

Abstract

With the advancement of technology came the World Wide Web, and it has now become part of our everyday life. Our increasing dependency on web applications has made us more susceptible to web-based attacks. According to OWASP [1] (Open Source Web Application Security Project), Structured Query Language (SQL) injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) are the most popular attack techniques used by malicious users for monetary gain or to harm unsuspecting users in some way. Cross-site scripting has been at the top of the list of web security threats of late. Dealing with cross-site scripting on the server side is not always possible because web developers lack security awareness. Hence it becomes imperative to implement client-side defenses. In this paper we assess the defenses of existing browsers and study their limitations. To analyze the defenses provided by different browsers, we created detailed test cases of vulnerabilities and designed a vulnerable web site to test each browser's capability to resist the exploits.

References

  • OWASP Foundation, OWASP Top 10 2013, Creative Commons Attribution 2.0, June 27, 2013.
  • Petko D. Petkov, Anton Rager, Seth Fogie, Jeremiah Grossman, Robert Hansen, XSS Attacks - Cross Site Scripting Exploits and Defense, Syngress, 2009.
  • Imperva's Web Application Attack Report, Edition #1, July 2011.
  • S. Shalini, S. Usha, Prevention of Cross-Site Scripting Attacks (XSS) on Web Applications in the Client Side, IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 4, No. 1, July 2011.
  • Bhanu Prakash Valluri, Evaluating Browsers and the HTML5 Standard Against XSS, MTech Thesis, IIT Bombay.
  • W. Jason Gilmore, Beginning PHP and MySQL: From Novice to Professional, Apress.
  • Brian Ward, The Book of VMware: The Complete Guide to VMware Workstation, No Starch Press, 2002.
  • Paco Hope, Ben Walther, Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast, O'Reilly Media.
  • Daniel Bates, Adam Barth, Collin Jackson, Regular Expressions Considered Harmful in Client-Side XSS Filters, Carnegie Mellon University.
  • Dr. Jayamsakthi Shanmugam, Dr. M. Ponnavaikko, Cross Site Scripting - Latest Developments and Solutions: A Survey, Int. J. Open Problems Compt. Math., Vol. 1, No. 2, September 2008.
  • Riccardo Pelizzi, R. Sekar, Protection, Usability and Improvements in Reflected XSS Filter, ASIACCS '12, May 2–4, 2012, Seoul, Korea.
  • Adam Barth, Collin Jackson, The Security Architecture of the Chromium Browser.
  • Marin Šilić, Jakov Krolo and Goran Delač, Security Vulnerabilities in Modern Web Browser Architecture, MIPRO 2010, May 24-28, 2010, Opatija, Croatia.