A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
Ismail, O.; Etoh, M.; Kadobayashi, Y.; Yamaguchi, S.
Advanced Information Networking and Applications, 2004. AINA 2004. 18th International Conference on
Volume 1, Issue , 2004 Page(s): 145 - 151 Vol.1
Digital Object Identifier   10.1109/AINA.2004.1283902
Summary: Cross-site scripting (XSS) attacks target Web sites with cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of XSS problems. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either request or server response. The system also shares the indication of vulnerability via a central repository. The purpose of the proposed system is twofold: to protect users from XSS attacks, and to warn the Web servers with XSS vulnerabilities.

» View citation and abstract

Log in by entering your IEEE Web Account Username and Password.

IEEE Communications Society members: If you subscribe to the IEEE Electronic Periodicals Package or IEEE Electronic Periodicals Package Plus, you must access your subscription at www.comsoc.org.

Check with your librarian, information professional, or system manager to determine if you need to log in. Please complete the online Technical Support Form if you need assistance.

Select the Purchase History link to access the document. You will have 5 Days after purchase to access the Full Text PDF. Please complete the online Technical Support Form if you need assistance.

• Search and access Abstract records free of charge
• Register for table of contents alerts
• Purchase Full Text PDF documents

» Learn more about subscription options or how to become an IEEE Member.