Design and development of Anti-XSS proxy
Published in | 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) pp. 484 - 489 |
---|---|
Format | Conference Proceeding |
Language | English |
Published | Infonomics Society, 01.12.2013 |
Summary: | Cross-Site Scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victim's browser and cause security breaches. The discovery of XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions or develop novel attack detection techniques. This paper proposes a proxy-level design and development of an XSS attack detection approach (Anti-XSS) based on the Kullback-Leibler Divergence (KLD) measure. The proposed approach has been applied to a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks while displaying a low false positive rate depending on the choice of threshold values of KLD. |
---|---|
DOI: | 10.1109/ICITST.2013.6750247 |