Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis (2007)

by Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
Venue: In Proceeding of the Network and Distributed System Security Symposium (NDSS’07
Citations: 104 - 2 self

BibTeX

@INPROCEEDINGS{Nentwich07cross-sitescripting,
    author = {Florian Nentwich and Nenad Jovanovic and Engin Kirda and Christopher Kruegel and Giovanni Vigna},
    title = {Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis},
    booktitle = {In Proceeding of the Network and Distributed System Security Symposium (NDSS’07},
    year = {2007}
}

Abstract

Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker). Currently, most approaches attempt to prevent XSS on the server side by inspecting and modifying the data that is exchanged between the web application and the user. Unfortunately, it is often the case that vulnerable applications are not fixed for a considerable amount of time, leaving the users vulnerable to attacks. The solution presented in this paper stops XSS attacks on the client side by tracking the flow of sensitive information inside the web browser. If sensitive information is about to be transferred to a third party, the user can decide if this should be permitted or not. As a result, the user has an additional protection layer when surfing the web, without solely depending on the security of the web application.

Keyphrases

static analysis    cross-site scripting prevention    dynamic data tainting    web application    sensitive information    third party    x attack    vulnerable application    client side    considerable amount    sensitive data    user web browser    additional protection layer    server side    web browser    cross-site scripting   
