Research on Client-side Defense Techniques of Cross-Site Scripting Attack
- DOI
- 10.2991/emcm-16.2017.62How to use a DOI?
- Keywords
- Cross-site scripting; Browser security; Dynamic data tainting; Static data tainting; JavaScript engine
- Abstract
The Cross-site scripting (XSS) is among the most serious and common threat in Web application today. The main purpose of XSS is to steal the user's sensitive information, as its behavior is to send user's sensitive information to a third party without the user's authorization,we can get the XSS attack detection results by analyzing the situation of user's accessing sensitive information in current page. The detection technique presented in this paper adopts the idea of protecting user information in client-side of the Web browser. By analyzing its JavaScript engine, we extend its handle process in each phase. Our approach employs dynamic analysis techniques in general, and an auxiliary static analysis technique when necessary to analyze the situation of sensitive information in current page. By handling and judging the analysis result, we can prevent the suspicious XSS attack. If sensitive information is about to transferred to a third party, the user can decide id this should be permitted or not. The result of our experiment has demonstrated that the behavior-based XSS detection technique proposed in this paper is feasible in practice model.
- Copyright
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Xuyang Wang AU - Mingyang Xu PY - 2017/02 DA - 2017/02 TI - Research on Client-side Defense Techniques of Cross-Site Scripting Attack BT - Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016) PB - Atlantis Press SN - 2352-538X UR - https://doi.org/10.2991/emcm-16.2017.62 DO - 10.2991/emcm-16.2017.62 ID - Wang2017/02 ER -