A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability

Proceedings - International Conference on Advanced Information Networking and Application (AINA)

Volumn 1, Issue , 2004, Pages 145-151

  Ismael, Omar ^a   Etoh, Masashi ^a   Kadobayashi, Youki ^a   Yamaguchi, Suguru ^a  

^a NARA INSTITUTE OF SCIENCE AND TECHNOLOGY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATION; CLIENT SERVER COMPUTER SYSTEMS; COMMUNICATION; HTML; HTTP; INTERNET; JAVA PROGRAMMING LANGUAGE; PERSONAL COMPUTERS;

CROSS-SITE SCRIPTING (XSS); JAVASCRIP SPECIFICATION; SESSION MANAGEMENT; WEB SERVERS;

DATA PRIVACY;

EID: 3042626763     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (13)

1. Scott, D., Sharp, R. "Abstracting Application-Level Web Security". In the 11th International Conference on the World Wide Web(Honolulu, Hawaii, May 2002).
2. "The JWIG Project," http://www.brics.dk/JWIG
3. Yao-Wen, Huang,. Shin-Kun, Huang,. Tsung-Po, Lin,. And Chung-Hung, Tsai,. "WebApplication Assessment by Fault Injection and Behavior Monitoring". In the 12th International Conference on the World Wide Web(Budapest, Hungary, May 2003).
4. "The OWASP WebScarab Project," http://www.owasp.org/webscarab
5. Joon S. Park and Ravi Sandhu, "Secure Cookie on the Web", IEEE Internet Computing, Volume:4, Issue:4, July-Aug.2000
6. Cgisecurity, "The Cross Site Scripting FAQ", http://www.cgisecurity.com/articles/xss-faq.shtml, 2002
7. CERT/CC, "CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests", http://www.cert.org/advisories/CA-2000-02.html
8. Microsoft. HOWTO: Review ASP Code For CSSI Vulnerability, http://support.microsoft.com/support/kb/articles/Q253/1/19.asp
9. Global Trust Integrity (GTI) Project, http://www.gtisec.net/news/ news005_1007.html
10. SecureIT Secure Programming Team. http://securit.gtrc.aist.go.jp
11. Gunter Ollmann, "HTML Code Injection and Cross-site scripting", http://www.technicalinfo.net/papers/CSS.html
12. Point Blank Security, "The CSS Blacklist", http://www. pointblanksecurity.com/css
13. Rolf Oppliger, "Security Technologies for The World Wide Web(2nd Edition)", Arktech House,2003. ISBN: 1-58053-348-5