Design and development of Anti-XSS proxy

Bibliographic Details
Published in: 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013), pp. 484-489
Main Authors: Shahriar, Hossain; North, Sarah; Wei-Chuen Chen; Mawangi, Edward
Format: Conference Proceeding
Language: English
Published: Infonomics Society, 01.12.2013
Summary: Cross-Site Scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victim's browser and cause security breaches. The discovery of XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions or develop novel attack detection techniques. This paper proposes the proxy-level design and development of an XSS attack detection approach (Anti-XSS) based on the Kullback-Leibler Divergence (KLD) measure. The proposed approach has been applied to a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks while displaying a low false positive rate depending on the choice of threshold values of KLD.
DOI: 10.1109/ICITST.2013.6750247