Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment

Abstract

To thwart the virtual machines from being a victim of XSS attacks on the cloud computing environment, this paper presents an enhanced XSS defensive methodology for the cloud platforms. This framework initially scans the HTTP requests for the embedded URI links that points towards the links of external JS files and which may contain malicious XSS payload. Our design also explores the HTTP response for extracting the script content and compares this content with the script content retrieved from the URI links. Any resemblance observed in both these extracted set of scripts would be considered as malicious XSS worm. The testing and evaluation of our framework was done on tested bed of real world web applications by injecting the XSS attack payloads on their vulnerable injection points. Evaluation results revealed that our framework detects the XSS attack vectors with fewer rates of false negatives and false positives