AUDITING THE DEFENSE AGAINST CROSS SITE SCRIPTING IN WEB APPLICATIONS

Lwin Khin Shar; Hee Beng Kuan Tan

doi:10.5220/0002963905050511

AUDITING THE DEFENSE AGAINST CROSS SITE SCRIPTING IN WEB APPLICATIONS

Lwin Khin Shar, Hee Beng Kuan Tan

2010

Abstract

Majority attacks to web applications today are mainly carried out through input manipulation in order to cause unintended actions of these applications. These attacks exploit the weaknesses of web applications in preventing the manipulation of inputs. Among these attacks, cross site scripting attack -- malicious input is submitted to perform unintended actions on a HTML response page -- is a common type of attacks. This paper proposes an approach for thorough auditing of code to defend against cross site scripting attack. Based on the possible methods of implementing defenses against cross site scripting attack, the approach extracts all such defenses implemented in code so that developers, testers or auditors could check the extracted output to examine its adequacy. We have also evaluated the feasibility and effectiveness of the proposed approach by applying it to audit a set of real-world applications.

Download

Paper Citation

in Harvard Style

Khin Shar L. and Beng Kuan Tan H. (2010). AUDITING THE DEFENSE AGAINST CROSS SITE SCRIPTING IN WEB APPLICATIONS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 505-511. DOI: 10.5220/0002963905050511

in Bibtex Style

@conference{secrypt10,
author={Lwin Khin Shar and Hee Beng Kuan Tan},
title={AUDITING THE DEFENSE AGAINST CROSS SITE SCRIPTING IN WEB APPLICATIONS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={505-511},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002963905050511},
isbn={978-989-8425-18-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - AUDITING THE DEFENSE AGAINST CROSS SITE SCRIPTING IN WEB APPLICATIONS
SN - 978-989-8425-18-8
AU - Khin Shar L.
AU - Beng Kuan Tan H.
PY - 2010
SP - 505
EP - 511
DO - 10.5220/0002963905050511