Abstract

Cross-site scripting (XSS) is one of the most critical vulnerabilities found in web applications. An XSS vulnerability is present in a web application that takes untrusted data and sends it to a web browser without proper input validation. An XSS attack allows the adversary to execute scripts in the victim's browser, which can deface web sites, hijack user sessions, or redirect the user to malicious content. Some of the proposed methods against XSS attacks include the use of regular expressions to identify the presence of malicious content. However, this can be bypassed using parsing quirks and client-side filtering mechanisms such as the NoScript and Noxes tools. The existing solutions are comparatively slow and cannot withstand all attack vectors. Some of the existing approaches are too restrictive, resulting in loss of functionality. In this paper, an API for server-side response filtering has been developed. The proposed method allows the HTML to pass through but blocks the harmful scripts. Unlike other approaches, it requires only a minor modification to the existing web application. The performance evaluation shows that the proposed technique has high fidelity and a comparatively lower response time.
