XSS application worms: New Internet infestation and optimized protective measures

Proceedings - SNPD 2007: Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing

Volumn 3, Issue , 2007, Pages 1164-1169

  Shanmugam, Jayamsakthi ^a   Ponnavaikko, M ^b  

^a BITS ^*

^b SRM UNIVERSITY   (India)

Author keywords

Application level web security; Component based design; Security vulnerabilities

Indexed keywords

BANDWIDTH; COMPUTER APPLICATIONS; MULTIPROCESSING SYSTEMS; OPTIMIZATION; SECURITY OF DATA; USER INTERFACES;

APPLICATION-LEVEL WEB SECURITY; COMPONENT-BASED DESIGN; SECURITY VULNERABILITIES;

INTERNET;

EID: 35148824612     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SNPD.2007.573     Document Type: Conference Paper

References (9)

1. G. A. Di Lucca, A. R. Fasolino, M. Mastoianni, P. Tramontana, "Identifying Cross Site Scripting Vulnerabilities in Web Applications," wse, pp. 71-80, Sixth IEEE International Workshop on Web Site Evolution(WSE'04), 2004
2. Jesse James Garrett, "Ajax: A New Approach to Web Applications," available at http://www.adaptivepath.com/publications/ essays/archives/00038S.php (Adaptive Path, February 2005), last accessed Feb 12th, 2006.
3. [3]Kehh Smith, "Simplifying Ajax-Style Web Development," Computer, vol. 39, no. S, pp. 98-101, May, 2006.
4. [4]Scott, D., Sharp, R. "Abstracting Application-Level Web Security." In: Proc. 1 11th Int'l Conf. World Wide Web (WWW2002), pages 396-407, Honolulu, Hawaii, May 17-22, 2002.
5. Scott, D., Sharp, R. "Developing Secure Web Applications." IEEEInternet Computing, 6(6), 38-45, Nov 2002.
6. [6]Bobbitt, M. "Bulletproof Web Security." Network Security Magazine, TechTarget Storage Media, May 2002., http://infosecuritymag. techtargetcom/2002/may/bulletproof.shtml, last accessed Dec 10, 2006
7. [7]Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic "Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks" In The 21st ACM Symposium on Applied Computing (SAC 2006), Pages: 330 - 337, April 23-27, 2006.
8. Wes Masri, Andy Podgurski, David Leon, "Detecting and Debugging Insecure Information Flows," issre, pp. 198-209, 15th International Symposium on Software Reliability Engineering (ISSRE'04), 2004.
9. [9]Jeremiah Grossman ,WhfteHat Security founder and CTO, Presentation, Webcast, 'Top 10 Web Hack of 2006", http://www.whhehatsec.com/home/ resources/presentations/files/whiteha t_top_hacks_06_F.pdf, 17-Jan-2007, last accessed Feb 10th 2007.