XSS-GUARD : Precise Dynamic Prevention of
Cross Site Scripting (XSS) Attacks
Prithvi Bisht
Joint work with: V.N. Venkatakrishnan
Systems and Internet Security Laboratory, Department of Computer Science, University of Illinois, Chicago, USA
XSS attacks : number one threat
CVE Vulnerabilities 2004: XSS 10.9%, Others 89.1%
CVE Vulnerabilities 2006: XSS 21.5%, Others 78.5%
...and the trend continues...
Second half of 2007: 80% of all attacks were XSS
January 2007: 70% of web applications are vulnerable
[source : ]
Simple attacks lucrative targets
alert("xss");
A typical XSS attack
[Diagram labels: Email with a "Claim prize" link carrying name=[evilCode]; Client browser; Vulnerable bank web application; Response page containing [evilCode] ("evilCode executed!")]
Attacker controlled code can steal sensitive information or perform malicious operations.
Objective
Vulnerable web application -> Automated Transformation -> Safe web application
Automated prevention of XSS attacks: server side
Robust against subtle attacks
Efficient
Outline of this talk
Introduction
Web application transformation technique
Robust script identification at server side
XSS-GUARD
Examples
Evaluation results
Related work and summary