A behavior-based client defense scheme against XSS

doi:10.7523/j.issn.2095-6134.2011.5.015

›› 2011, Vol. 28 ›› Issue (5): 668-675.DOI: 10.7523/j.issn.2095-6134.2011.5.015

• Research Articles • Previous Articles Next Articles

A behavior-based client defense scheme against XSS

WANG Xia-Li, ZHANG Yu-Qing

National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China

Received:2010-09-07 Revised:2010-11-07 Online:2011-09-15

Abstract

Abstract:

Recent popularity of Web 2.0 application has given rise to a large number of Web vulnerabilities, and XSS vulnerability is among the top security threats. In recent years, the occurrence of XSS worms worsened the situation of Web security. Existing XSS defense methods mainly depend on filtering users’ inputs on the server side, which cannot protect in time the main victims of XSS attacks, the Internet users. In this paper we focus on the analysis of XSS behavior, especially the propagation behavior of XSS worms, and propose a new client-side XSS defense method, StopXSS. The testing experiments show that our method can defend against XSS attacks effectively and can be used to detect even 0-Day XSS worms.

Key words: Web security, JavaScript, cross site scripting (XSS), XSS worm

CLC Number:

TP393

WANG Xia-Li, ZHANG Yu-Qing. A behavior-based client defense scheme against XSS[J]. , 2011, 28(5): 668-675.

References

[1] Wichers D. The top 10 most critical web application security risks . The Open Web Application Security Project (OWASP), 2010.

[2] Kirda E, Vigna G, Jovanovic N. Noxes: a client-side solution for mitigating cross-site scripting attacks //The 21st Annual ACM Symposium on Applied Computing. New York, USA: ACM, 2006: 330-337.

[3] Kirda E, Kruegel C, Virgac G. Client-side cross-site scripting protection
[J]. Computers and Security, 2009, 28(7): 592-604.

[4] Livshits B, Cui W. Spectator: detection and containment of JavaScript worms //USENIX 2008 Annual Technical Conference on Annual Technical Conference. Boston, USA: ACM, 2008: 335-348.

[5] Sun F, Xu L, Su Z. Client-side detection of XSS worms by monitoring payload propagation //Proceedings of the 14th European Conference on Research in Computer Security. Saint-Malo, France: ACM, 2009: 539-554.

[6] Fogie S, Hansen R, Rager A, et al. XSS attacks: cross site scripting exploits and defense
[M]. New York: Syngress Media, 2007.

[7] Garcia J, Navarro G. A survey on cross-site scripting attacks: USA, abs/0905.4850 . (2009-05-29) http://arxiv.org/pdf/0905.4850v1.

[8] Faghani M, Saidi H. Social networks’ XSS worms //International Conference on Computational Science and Engineering. Vancouver, Canada: IEEE Computer Society, 2009: 1137-1141.

[9] Dabirsiaghi A. Building and stopping next generation XSS worms //3rd International OWASP Symposium on Web Application Security. Ghent, Belguim, 2008.

[10] Network Working Group. HTTP methods: USA, internet RFC 2616 . (2004-09-01) http://www.w3.org/Protocols/rfc2616/rfc2616.html.

[11] Oda T, Oorschot P, Somayaji A. SOMA: mutual approval for included content in web pages
[J]. ACM Computer and Communications Security, 2008:89-98.

[12] Vogt P. Cross site scripting (XSS) attack prevention with dynamic data tainting on the client side . Vienna: Technical University of Vienna, 2006.

A behavior-based client defense scheme against XSS

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 4

Recommended Articles

Metrics

Comments

[1]	DONG Ying, ZHANG Yuqing, YUE Hongzhou. Vulnerability exploitation for Joomla content management system [J]. , 2015, 32(6): 825-835.
[2]	CHEN Jing-Feng, WANG Yi-Ding, ZHANG Yu-Qing, LIU Qi-Xu. Automatic generation of attack vectors for stored-XSS [J]. , 2012, (6): 815-820.
[3]	Dong Guo-Ming, Zhang Jun-Yu. Implementation of a web mathematical equation editor providing the mathematical semantics [J]. , 2008, 26(6): 824-829.
[4]	HE Li, WU Jian, JIA Yan-Min. Research and implementation on JavaScript-based invocating Web Services in Browser-Side [J]. , 2007, 24(6): 801-805.