
Basic article information

  • Title: Securing Server/Client side Applications against XSS attack via XSS-Obliterator
  • Authors: Amit Singh; Suraj Singh Tomer
  • Journal: International Journal of Computer Science and Information Technologies
  • Electronic ISSN: 0975-9646
  • Publication year: 2015
  • Volume: 6
  • Issue: 2
  • Pages: 1196-1203
  • Publisher: TechScience Publications
  • Abstract: In the modern technological epoch, the internet advancement is at its peak and the web services are emerging more towards dynamic than static web pages. In order to serve the demands, websites hold many applications that extensively open the door for several script-languages. Contrarily, the Cross-site-scripting (XSS) attack exploits a wide variety of script-languages and various programming techniques that can easily breach the security of the website. This paper presents a model of XSS-obliterator which supplements the security at client/server side with the mechanism of a two-way filter and delivers a platform-independent elucidation to cater security against enormous variants of XSS attack. To address the security issues, an open-source PHP based website is evaluated to render threat against XSS-vectors injected in input fields, URL and source-code using two commercial browsers. As a result of evaluation, the vulnerable sections of the website are declared as high/low recommendation for the proposed model. Considering the extracted artifacts, an experiment has been conducted on the website using the proposed model for detecting and sanitizing all the variants of XSS vectors.
  • Keywords: Cross-site-scripting (XSS); Input validation; Escaping; Sanitization; Document-object-model (DOM); Reflection point.