Design and Development of Anti-XSS Proxy
Loading...
Files
Date
2016
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
FACULTE DES MATHEMATIQUES ET DE L’INFORMATIQUE - UNIVERSITE MOHAMED BOUDIAF - M’SILA
Abstract
Cross Site Scripting (XSS) is a common security problem of web applications where anattacker can inject scripting code into the input of the application that is then sent to a user’s web browser. In the web browser, this scripting code is executed and used to transfer sensitive data to a third party. Today’s solutions attempt to prevent XSS on the server side and client side, for example, by inspecting and modifying the data sent to and from the web application. Our presented solution aims to detect XSS attacks on the proxy side by analyzing both the client request and the server response and hashing each found script on the response page to compare this hash with the benign one. If the system detects any content deviation, the script will be blocked, and the XSS type detector will be triggered to eliminate any stored XSS from database.
With such way our system does protect both server and client side. As a result, the user has an additional protection layer when surfing websites.
Description
Keywords
XSS attacks detection, web security, anti-XSS proxy, Cross-Site Scripting.