Abstract:
Cross-site scripting (XSS) attacks, which are carried out by injecting JavaScript code, are
presently the most exploited security problem in modern web applications. A variety of defensive
techniques now exist to protect web applications from XSS injection attacks, but XSS still cannot
be fully detected: an attacker can circumvent these techniques by injecting legitimate JavaScript,
because it is difficult to distinguish from the original script.
In this project, we developed an approach based on the analysis of script features, which permits
the detection of a wide range of injected scripts, whether a malicious script or a specific script
that is similar to a benign script, without any modification of the application source code.
We evaluate our approach with three programs. The evaluation results indicate that our
approach detects a wide range of code injection attacks.