Scheduled System Maintenance:
On Monday, April 27th, IEEE Xplore will undergo scheduled maintenance from 1:00 PM - 3:00 PM ET (17:00 - 19:00 UTC). No interruption in service is anticipated.
By Topic

Risk mitigation for cross site scripting attacks using signature based model on the server side

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Shanmugam, J. ; SRM Univ., Chennai ; Ponnavaikko, M.

Researchers and industry experts state that the Cross-site Scripting (XSS) is the top most vulnerability in the web applications. Attacks on web applications are increasing with the implementation of newer technologies, new html tags and new JavaScript functions. This demands an efficient approach on the server side to protect the users of the application. The proposed Signature based misuse detection approach introduces a security layer on top of the web application, so that the existing web application remain unchanged whenever a new threat is introduced that demands new security mechanisms. The web pages that are newly introduced in the web application need not be changed to incorporate the security mechanisms as the solution is implemented on top of the web application. To test the effectiveness of this approach, the vulnerable web inputs listed in research sites, black-hat hacker sites and in the black hat hacker sites are considered. The proposed security system was run on JBoss server and tested on those vulnerable inputs collected from the above sites. There are around 100 variants of XSS attacks found during the testing. It has been found that the approach is very effective as it addresses the vulnerabilities at a granular level of tags and attributes, in addition to addressing the XSS vulnerabilities.

Published in:

Computer and Computational Sciences, 2007. IMSCCS 2007. Second International Multi-Symposiums on

Date of Conference:

13-15 Aug. 2007