XSS attack prevention using DOM based filtering API

Ankush, S D (2014) XSS attack prevention using DOM based filtering API. MTech thesis.



Cross-site scripting (XSS) is a type of vulnerability typically found in Web applications that accept user input and use the user-submitted data without proper sanitization. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability present in a web application may be used by attackers to bypass access controls such as the Same Origin Policy (SOP). Cross-site scripting is ranked 3rd in the OWASP (Open Web Application Security Project) Top 10 list of vulnerabilities. Existing solutions to XSS attacks include regular expressions that detect the presence of malicious dynamic content, which can easily be bypassed using parsing quirks, and client-side filtering mechanisms such as the NoScript and Noxes tools, which require security awareness on the part of the user that cannot be guaranteed. Some existing solutions are unacceptably slow and can be bypassed. Some of them are too restrictive, resulting in loss of functionality. In our work, we developed a server-side response filtering API that allows benign HTML to pass through but blocks harmful script. It does not require a large amount of modification to the existing web application. The proposed system has high fidelity and low response time.

Item Type: Thesis (MTech)
Uncontrolled Keywords: Cross Site Scripting, Web Security, Injection attack, Server side filter, Input sanitation, Document Object Model
Subjects: Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code: 5633
Deposited By: Hemanta Biswal
Deposited On: 22 Jul 2014 14:07
Last Modified: 22 Jul 2014 14:07
Supervisor(s): Jena, S K
