Analysis of Hypertext Markup Isolation Techniques for XSS Prevention
Abstract
Modern websites and web applications commonly integrate third-party and user-generated content to enrich their users’ experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolate untrusted markup, and could be used to define constraint environments that are enforceable by web browsers. We conduct a comparative analysis of these proposals highlighting security, legacy browser compatibility and several other important qualities.
Similar resources
Analysis of Hypertext Isolation Techniques for XSS Prevention
Modern websites and web applications commonly integrate third-party and user-generated content to enrich the user’s experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced web content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolat...
Input Validation Vulnerabilities (SQLIA) and Defenses in Web Applications Security
The internet has evolved into a critical delivery pipeline for institutions to interact with customers, partners and employees. People use web sites to send and receive information via Hypertext Markup Language (HTML) messages to web applications residing on web servers. Generally this information, expected as legitimate messages, can be used illegitimately by unauthorized persons to compro...
Prevention of Cross Site Scripting with E-Guard Algorithm
In this world of networking where people around the globe are connected, Cross-site Scripting (XSS) has emerged as one of the most prevalent growing threats. XSS attacks are those in which attackers inject malicious code, most often client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerab...
Dynamic Web Application Analysis for Cross Site Scripting Detection
Though cross site scripting (XSS) is essentially a server-side problem, in most cases users are the ones who suffer. Additionally, most Anti-XSS measures developed so far require either a major customization effort or modifications in the Web Application. This thesis presents a general XSS detector able to automatically derive all required Web Application specific knowledge. Data-mining te...
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in 2007. The main underlying reason for XSS vulnerabilities is that web markup and client-side languages do not provide principled mechanisms to ensure secure, ground-up isolation of user-generated data in web application code. In this paper, we develop a new approach that combines randomization of web applica...
Publication date: 2008