CFP last date
20 June 2024
Reseach Article

Analysis of Browser Defenses against XSS Attack Vectors

Published on October 2013 by Shital Dhamal, Manisha Mathur
International conference on Green Computing and Technology
Foundation of Computer Science USA
ICGCT - Number 3
October 2013
Authors: Shital Dhamal, Manisha Mathur
915cc449-7d8c-44a3-bb1f-d23a6609b74b

Shital Dhamal, Manisha Mathur . Analysis of Browser Defenses against XSS Attack Vectors. International conference on Green Computing and Technology. ICGCT, 3 (October 2013), 6-10.

@article{
author = { Shital Dhamal, Manisha Mathur },
title = { Analysis of Browser Defenses against XSS Attack Vectors },
journal = { International conference on Green Computing and Technology },
issue_date = { October 2013 },
volume = { ICGCT },
number = { 3 },
month = { October },
year = { 2013 },
issn = 0975-8887,
pages = { 6-10 },
numpages = 5,
url = { /proceedings/icgct/number3/13695-1322/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International conference on Green Computing and Technology
%A Shital Dhamal
%A Manisha Mathur
%T Analysis of Browser Defenses against XSS Attack Vectors
%J International conference on Green Computing and Technology
%@ 0975-8887
%V ICGCT
%N 3
%P 6-10
%D 2013
%I International Journal of Computer Applications
Abstract

With the up gradation of technology came World Wide Web and now it has become part of our everyday life. Our increasing dependency on web applications has made us more susceptible to web based attacks . According to OWASP [1] (Open Source Web Application Security Project) Structured Query Language (SQL) injection, Cross Site Scripting Attack (XSS) and Cross-Site Request Forgery (CSRF) are the most popular attack techniques used by evil-minded user for monetary gains or in some way harm the unsuspecting user. Cross site scripting has been on top of the list of web security threats of late. To deal with the cross site scripting on server side is not always possible because of security unawareness of web developers. Hence it becomes imperative to implement client side defenses. In this paper we are going to assess the defenses of existing browsers and study their limitations. For analyzing the defenses provided by different browsers we have created detailed test cases of vulnerabilities and designed a vulnerable web site for testing the browsers capability to resist against the exploits.

References
  1. OWASP Foundation, OWASP Top 10 2013, Creative Commons Attribution 2. 0, June 27, 2013
  2. Petko D Petkov Anton Rager Seth Fogie Jeremiah Grossman, Robert Hansen. , XSS Attacks-CrossSite Scripting Exploits and Defense. Syngress, 2009.
  3. Imperva's Web Application Attack Report Edition #1 - July 2011
  4. S. Shalini, S. Usha ,Prevention of Cross-Site Scripting Attacks (XSS) On Web Applications in The Client Side, IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 4, No 1, July 2011
  5. Bhanu Prakash Valluri, Evaluating Browsers and The HTML5 Standard Against XSS, MTech Thesis, IIT Bombay
  6. W. Jason Gilmore, Beginning PHP and MySQL: From Novice to Professional, Apress
  7. Brian Ward,The Book of VMware: The Complete guide to VMware Workstation, No Starch Press 2002
  8. Paco Hope, Ben Walther, Web Security Testing Cookbook Systematic Techniques to Find Problems Fast, O'Reilly Media
  9. Daniel Bates,Adam Barth ,Collin Jackson ,Regular Expressions Considered Harmful in Client-Side XSS Filters, Carnegie Mellon university
  10. Dr. Jayamsakthi Shanmugam, Dr. M. Ponnavaikko, Cross Site Scripting-Latest developments and solutions: A survey, Int. J. Open Problems Compt. Math. , Vol. 1, No. 2, September 2008
  11. Riccardo Pelizzi R. Sekar, Protection, Usability and Improvementsin Reflected XSS Filter, ASIACCS '12, May 2–4, 2012, Seoul, Korea.
  12. Adam Barth, Collin Jackson, The Security Architecture of the Chromium Browser
  13. Marin Sili,Jakov Krolo and Goran Dela, Security Vulnerabilities in Modern Web Browser Architecture, MIPRO 2010, May 24-28, 2010, Opatija, Croatia
Index Terms

Computer Science
Information Sciences

Keywords

Cross Site Scripting Xss Browser Security