A Substitution Based Encoding Scheme to Mitigate Cross Site Script Vulnerabilities

Bharti Nagpal*, Naresh Chauhan**, Nanhay Singh***
*Assistant Professor, Department of Computer Science Engineering, Ambedkar Institute of Advanced Communication Technology and Research (AIACT&R), Delhi, India.
** Chairman and Professor, YMCA University of Science and Technology, Faridabad, Haryana, India.
*** Associate Professor, Department of Computer Science Engineering, Ambedkar Institute of Advanced Communication Technology and Research (AIACT&R), Delhi, India.
Periodicity: December - February 2016
DOI : https://doi.org/10.26634/jit.5.1.4797

Abstract

Most attacks on the web target vulnerabilities in web applications. These vulnerabilities are researched and analyzed by the Open Web Application Security Project (OWASP) [1], which tracks the most common failures. Cross Site Scripting (XSS) is one of the worst of these vulnerabilities: it enables attacks such as cookie theft and web page defacement. Testing an implementation for XSS vulnerabilities can avoid these consequences, and obtaining an adequate test data set is essential for such testing. XSS inputs are interpreted by the browser while it renders the web page. When an attacker gets a user's browser to execute his or her code, that code runs within the security context (or zone) of the hosting website; with this level of privilege it can read, modify and transmit any sensitive data accessible to the browser. Cross-site scripting attacks thus compromise the trust relationship between a user and the website. XSS occurs when a web page displays user input that has not been properly validated, typically input that the browser interprets as HTML or JavaScript. This paper uses an encoding scheme that scans for the starting tag of each HTML element present in the input and encodes it so that script written between the starting and closing tags is no longer treated as an HTML element, rendering the attack useless.
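The abstract describes the scheme only at the level of "scan for the starting tag and encode it". The following is an added example, written for this page and not the authors' code, of the substitution-based encoding a practitioner would apply to untrusted input before it is placed in HTML element content or in a quoted attribute. It substitutes HTML entities for the five characters that can open or close a tag, an attribute or an entity, so that no starting tag can form at all, and it contrasts that with a naive approach that only strips the `<script` tag name. The function names, the entity map and the payload strings are assumptions constructed for the example.

```javascript
// Added example (not the paper's code): entity-substitution encoding of
// untrusted input before it is inserted into HTML element content or into a
// double-quoted attribute value.
// The map covers the five characters that can open or close an HTML tag,
// attribute or entity; once they are substituted, no starting tag can form.
const HTML_ENTITY_MAP = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function encodeForHtml(untrusted) {
  // String() handles numbers or null arriving from form handlers. A single
  // regex pass substitutes each character exactly once, so '&' is never
  // re-encoded into something like '&amp;lt;'.
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITY_MAP[ch]);
}

// Naive tag-name blacklist, included only to show why it is insufficient:
// any element with an event-handler attribute bypasses it.
function stripScriptTagOnly(untrusted) {
  return String(untrusted).replace(/<\s*\/?\s*script\b/gi, '');
}

// Check used by the demo: can the text still open a tag ('<') or break out of
// a quoted attribute ('"' or "'")? After encodeForHtml this must be false.
function canFormTag(text) {
  return /<|"|'/.test(text);
}

// Constructed payloads for the demo (sample data, not taken from the paper).
const PAYLOADS = [
  '<script>alert(document.cookie)</script>',  // classic cookie theft
  '<img src=x onerror="alert(1)">',           // no <script> tag at all
  '"><svg onload=alert(1)>',                   // attribute break-out
  "' autofocus onfocus='alert(1)",             // single-quoted attribute
  'Tom & Jerry <3',                            // benign text, same characters
];

// Runs every payload through both approaches and reports whether the
// encoded output is inert and whether the blacklist left it dangerous.
function demo() {
  return PAYLOADS.map((p) => ({
    input: p,
    encoded: encodeForHtml(p),
    safe: !canFormTag(encodeForHtml(p)),
    blacklistStillDangerous: canFormTag(stripScriptTagOnly(p)),
  }));
}

// Building a fragment with the encoded values: attacker text is displayed
// literally by the browser instead of being parsed as markup.
function renderComment(author, body) {
  return `<div class="comment" data-author="${encodeForHtml(author)}">` +
         `<p>${encodeForHtml(body)}</p></div>`;
}

// Stand-alone usage: print the comparison table.
console.table(demo());
console.log(renderComment('Mallory" onclick="alert(1)', PAYLOADS[0]));
```

Two caveats a practitioner would want alongside the scheme. First, encoding is context-specific: the entity map above is correct for element content and quoted attribute values, but untrusted data inserted into a JavaScript string, a URL, a CSS value or an unquoted attribute needs a different encoder for that context. Second, the blacklist comparison shows why matching on a particular tag name rather than on the characters that delimit tags is not a mitigation: the `<img onerror>` and `<svg onload>` payloads contain no `<script>` and pass straight through.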

Keywords

XSS Attack, Vulnerability, XSS Types, Prevention.

How to Cite this Article?

Nagpal, B., Chauhan, N., and Singh, N. (2016). A Substitution Based Encoding Scheme to Mitigate Cross Site Script Vulnerabilities. i-manager's Journal on Information Technology, 5(1), 12-17. https://doi.org/10.26634/jit.5.1.4797

References

[1]. The Open Web Application Security Project, "OWASP Top 10 Project". Retrieved from http://www.owasp.org/
[2]. Fabien Duchene, Roland Groz, Sanjay Rawat, and Jean-Luc Richier, (2012). "XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing". IEEE Fifth International Conference on Software Testing, Verification and Validation.
[3]. Yu Sun and Dake He, (2012). "Model Checking for the Defense against Cross-site Scripting Attacks". International Conference on Computer Science and Service System.
[4]. Lwin Khin Shar and Hee Beng Kuan Tan, (2012). "Mining Input Sanitization Patterns for Predicting SQL Injection and Cross Site Scripting Vulnerabilities". IEEE.
[5]. Lwin Khin Shar and Hee Beng Kuan Tan, (2012). "Defending against Cross-Site Scripting Attacks". IEEE.
[6]. R. Priyadarshini, D. Jagadiswaree, A. Fareedha, and M. Janarthanan, (2011). "A Cross Platform Intrusion Detection System using Inter Server Communication Technique". International Conference on Recent Trends in Information Technology, IEEE.
[7]. Andrea Avancini and Mariano Ceccato, (2011). "Security Testing of Web Applications: A Search Based Approach for Cross-Site Scripting Vulnerabilities". IEEE.
[8]. Rattipong Putthacharoen and Pratheep Bunyatnoparat, (2011). "Protecting Cookies from Cross Site Script Attacks Using Dynamic Cookies Rewriting Technique". ICACT.