A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
Ismail, O.
Etoh, M.
Kadobayashi, Y.
Yamaguchi, S.
Graduate Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Japan
Abstract
Cross-site scripting (XSS) attacks target Web sites with cookie-based session management, resulting in the leakage of private information. Although several server-side countermeasures for XSS attacks exist, such techniques have not been applied universally, because of their deployment overhead and the poor understanding of XSS problems. This paper proposes a client-side system that automatically detects XSS vulnerabilities by manipulating either the request or the server response. The system also shares indications of vulnerability via a central repository. The purpose of the proposed system is twofold: to protect users from XSS attacks, and to warn Web servers that have XSS vulnerabilities.