DSpace logo

Please use this identifier to cite or link to this item: http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16302
Full metadata record
DC FieldValueLanguage
dc.contributor.authorGupta, Shashank-
dc.date.accessioned2024-11-05T11:59:24Z-
dc.date.available2024-11-05T11:59:24Z-
dc.date.issued2016-08-
dc.identifier.urihttps://onlinelibrary.wiley.com/doi/full/10.1002/sec.1579-
dc.identifier.urihttp://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16302-
dc.description.abstractIn this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and based on that, proposed a JavaScript string comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in hypertext transfer protocol request (HREQ) and hypertext transfer protocol response (HRES) for discovering any similar untrusted/malicious JavaScript code. This similar code points towards the untrusted JavaScript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from the real world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing JavaScript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on the Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptable low false positive and false negative rate in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on client-side browser and computationally fast execution of modules deployed in our browser-resident framework.en_US
dc.language.isoenen_US
dc.publisherWileyen_US
dc.subjectComputer Scienceen_US
dc.subjectXSS-immuneen_US
dc.subjectGoogle chromeen_US
dc.subjectWeb applicationsen_US
dc.titleXSS-immune: a Google chrome extension-based XSS defensive framework for contemporary platforms of web applicationsen_US
dc.typeArticleen_US
Appears in Collections:Department of Computer Science and Information Systems

Files in This Item:
There are no files associated with this item.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.