Sciweavers

SAC
2006
ACM

Noxes: a client-side solution for mitigating cross-site scripting attacks

14 years 6 months ago
Noxes: a client-side solution for mitigating cross-site scripting attacks
Web applications are becoming the dominant way to provide access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the context of the user’s web browser. To protect the user’s environment from malicious JavaScript code, a sandboxing mechanism is used that limits a program to access only resources associated with its origin site. Unfortunately, these security mechanisms fail if a user can be lured into downloading malicious JavaScript code from an intermediate, trusted site. In this case, the malicious script is granted full access to all resources (e.g., authentication tokens and cookies) that belong to the trusted site. Such attacks are called cross-site scripting (XSS) attacks. In general, XSS attacks are easy to execute, but difficult to detect and ...
Engin Kirda, Christopher Krügel, Giovanni Vig
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where SAC
Authors Engin Kirda, Christopher Krügel, Giovanni Vigna, Nenad Jovanovic
Comments (0)