Sciweavers

NDSS
2007
IEEE

Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis

Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker). Currently, most approaches attempt to prevent XSS on the server side by inspecting and modifying the data that is exchanged between the web application and the user. Unfortunately, it is often the case that vulnerable applications are not fixed for a considerable amount of time, leaving the users vulnerable to attacks. The solution presented in this paper stops XSS attacks on the client side by tracking the flow of sensitive information inside the web browser. If sensitive information is about to be transferred to a third party, the user can decide if this should be permitted or not. As a result, the user has an additional protection layer when surfing the web, without solely dependin...
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where NDSS
Authors Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Krügel, Giovanni Vigna