Please use this identifier to cite or link to this item:
http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16303| Title: | Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment |
| Authors: | Gupta, Shashank |
| Keywords: | Computer Science Cloud Computing Cloud security Virtual Machines Cross-site scripting (XSS) worms URI Links |
| Issue Date: | 2016 |
| Publisher: | Elsevier |
| Abstract: | To thwart the virtual machines from being a victim of XSS attacks on the cloud computing environment, this paper presents an enhanced XSS defensive methodology for the cloud platforms. This framework initially scans the HTTP requests for the embedded URI links that points towards the links of external JS files and which may contain malicious XSS payload. Our design also explores the HTTP response for extracting the script content and compares this content with the script content retrieved from the URI links. Any resemblance observed in both these extracted set of scripts would be considered as malicious XSS worm. The testing and evaluation of our framework was done on tested bed of real world web applications by injecting the XSS attack payloads on their vulnerable injection points. Evaluation results revealed that our framework detects the XSS attack vectors with fewer rates of false negatives and false positives |
| URI: | https://www.sciencedirect.com/science/article/pii/S2212017316302419 http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16303 |
| Appears in Collections: | Department of Computer Science and Information Systems |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.