Journal name: International Journal of Advanced Computer Research
Print ISSN: 2249-7277
Electronic ISSN: 2277-7970
Publication year: 2012
Volume: 2
Issue: 5
Pages: 49-54
Publisher: Association of Computer Communication Education for National Triumph (ACCENT)
Abstract: Cookies are a means of providing stateful communication over HTTP. On the World Wide Web (WWW), once a user's web browser has been successfully authenticated by the web application's server, the server generates a cookie and transfers it to the browser. Each time the user sends a further request to the web server as part of the active connection, the request has to include the corresponding cookie so that the web server can associate the cookie with the corresponding user. Cookies are the mechanism that maintains authentication state between the user and the web application, and they are therefore possible targets for attackers. A Cross-Site Scripting (XSS) attack is one such attack against web applications, in which the resources of the user's browser (e.g. cookies) are compromised. This paper introduces a novel technique, called the Dynamic Hash Generation Technique, whose aim is to make cookies worthless to attackers. The technique is implemented on the server side; its main task is to generate a hash of the value of the name attribute in the cookie and send this hash value to the web browser. With this technique, the hash value of the name attribute that is stored in the browser's database is not valid for attackers who exploit XSS vulnerabilities.