XSS Application Worms: New Internet Infestation and Optimized Protective Measures

2 Author(s)

There has been a considerable increase in application-layer attacks. Research surveys show that the cross-site scripting (XSS) attack is the most common among all application-layer attacks. Ajax Web technology, by design, makes a number of calls to the Web server to process a user request. This increases bandwidth usage and response time due to the increase in the number of calls to the Web server. If security mechanisms are implemented to protect the application, server performance will suffer from the additional processing required, and response time increases further because of the increase in the number of requests. This problem demands an efficient approach to protect the Web application from XSS attacks and to block malicious attempts from reaching the Web application. This paper presents a thread-based solution for efficient process utilization of the Web server and to prevent XSS threats. The proposed solution has been tested using Java/JSP on a JBOSS server on around 2000 vulnerable XSS inputs collected from various research sites, white hat sites and black hat sites. The model is also tested with a combination of non-vulnerable and vulnerable input to assess performance. The approach is found to be effective compared to earlier research works.

Published in:

Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2007. SNPD 2007. Eighth ACIS International Conference on (Volume: 3)

Date of Conference:

July 30 2007-Aug. 1 2007