DSpace Repository

JS-SAN: defense mechanism for HTML5-based web applications against javascript code injection vulnerabilities

dc.contributor.author Gupta, Shashank
dc.date.accessioned 2024-11-11T06:53:15Z
dc.date.available 2024-11-11T06:53:15Z
dc.date.issued 2016-02
dc.identifier.uri https://onlinelibrary.wiley.com/doi/full/10.1002/sec.1433
dc.identifier.uri http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16309
dc.description.abstract This paper presents an injection and clustering-based sanitization framework, i.e. JS-SAN (JavaScript SANitizer), for the mitigation of JS code injection vulnerabilities. It generates an attack vector template by performing clustering on the extracted JS attack vector payloads corresponding to their level of similarity. As a result, it then sanitizes the extracted JS attack vector template by an automated technique of placement of sanitizers in the source code of generated templates of web applications. We have also performed the deepest possible crawling of web pages for finding the possible user-injection points and injected the latest HTML5-based XSS attack vectors for testing the mitigation capability of our framework. The implementation of our design was done on the browser-side JavaScript library and tested as an extension on Google Chrome. The attack mitigation capability of JS-SAN was evaluated by incorporating the support from a tested suite of open source web applications that are vulnerable to JS code injection vulnerabilities. The proposed framework validates its novelty by producing a lower rate of false negatives and tolerable runtime overhead as compared to existing sanitization-based approaches. en_US
dc.language.iso en en_US
dc.publisher Wiley en_US
dc.subject Computer Science en_US
dc.subject JS-SAN (JavaScript SANitizer) en_US
dc.subject JavaScript (JS) en_US
dc.subject Web applications en_US
dc.title JS-SAN: defense mechanism for HTML5-based web applications against javascript code injection vulnerabilities en_US
dc.type Article en_US


Files in this item

There are no files associated with this item.
