Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)

Research on Client-side Defense Techniques of Cross-Site Scripting Attack

Authors
Xuyang Wang, Mingyang Xu
Corresponding Author
Xuyang Wang
Available Online February 2017.
DOI
10.2991/emcm-16.2017.62How to use a DOI?
Keywords
Cross-site scripting; Browser security; Dynamic data tainting; Static data tainting; JavaScript engine
Abstract

The Cross-site scripting (XSS) is among the most serious and common threat in Web application today. The main purpose of XSS is to steal the user's sensitive information, as its behavior is to send user's sensitive information to a third party without the user's authorization,we can get the XSS attack detection results by analyzing the situation of user's accessing sensitive information in current page. The detection technique presented in this paper adopts the idea of protecting user information in client-side of the Web browser. By analyzing its JavaScript engine, we extend its handle process in each phase. Our approach employs dynamic analysis techniques in general, and an auxiliary static analysis technique when necessary to analyze the situation of sensitive information in current page. By handling and judging the analysis result, we can prevent the suspicious XSS attack. If sensitive information is about to transferred to a third party, the user can decide id this should be permitted or not. The result of our experiment has demonstrated that the behavior-based XSS detection technique proposed in this paper is feasible in practice model.

Copyright
© 2017, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)
Series
Advances in Computer Science Research
Publication Date
February 2017
ISBN
978-94-6252-297-8
ISSN
2352-538X
DOI
10.2991/emcm-16.2017.62How to use a DOI?
Copyright
© 2017, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Xuyang Wang
AU  - Mingyang Xu
PY  - 2017/02
DA  - 2017/02
TI  - Research on Client-side Defense Techniques of Cross-Site Scripting Attack
BT  - Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)
PB  - Atlantis Press
SN  - 2352-538X
UR  - https://doi.org/10.2991/emcm-16.2017.62
DO  - 10.2991/emcm-16.2017.62
ID  - Wang2017/02
ER  -