Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SAC
2006
ACM
2006
ACM
Noxes: a client-side solution for mitigating cross-site scripting attacks
Web applications are becoming the dominant way to provide access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the context of the user’s web browser. To protect the user’s environment from malicious JavaScript code, a sandboxing mechanism is used that limits a program to access only resources associated with its origin site. Unfortunately, these security mechanisms fail if a user can be lured into downloading malicious JavaScript code from an intermediate, trusted site. In this case, the malicious script is granted full access to all resources (e.g., authentication tokens and cookies) that belong to the trusted site. Such attacks are called cross-site scripting (XSS) attacks. In general, XSS attacks are easy to execute, but difficult to detect and ...
Real-time Traffic| Added | 14 Jun 2010 |
| Updated | 14 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | SAC |
| Authors | Engin Kirda, Christopher Krügel, Giovanni Vigna, Nenad Jovanovic |
Comments (0)
Researcher Info
|
