A solution to block cross site scripting vulnerabilities based on service oriented architecture

Proceedings - 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007; 1st IEEE/ACIS International Workshop on e-Activity, IWEA 2007

Volumn , Issue , 2007, Pages 861-866

  Shanmugam, Jayamsakthi ^a   Ponnavaikko, M ^b  

^a BIRLA INSTITUTE OF TECHNOLOGY AND SCIENCE   (India)

^b SRM UNIVERSITY   (India)

Author keywords

Application level web security; Cross site scripting; Security vulnerabilities

Indexed keywords

APPLICATION SERVERS; APPLIED (CO); CROSS SITE SCRIPTING; CROSS-SITE SCRIPTING (XSS); INTERNATIONAL (CO); INTERNATIONAL CONFERENCES; LANGUAGES (TRADITIONAL); OTHER INTERFACES; RESEARCH DATA; SERVICE ORIENTED ARCHITECTURE (SOA); WEB APPLICATIONS; WEB PAGES;

COMMUNICATION; COMPUTER CRIME; CYBERNETICS; INFORMATION MANAGEMENT; INFORMATION SCIENCE; INFORMATION SERVICES; KNOWLEDGE MANAGEMENT; LINGUISTICS; MARKUP LANGUAGES; PERSONAL COMPUTING;

WORLD WIDE WEB;

EID: 46749142572     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIS.2007.45     Document Type: Conference Paper

References (14)

1. Scott, D., Sharp, R. "Abstracting Application-Level Web Security." In: Proc. 11th Int'l Conf. World Wide Web (WWW2002), pages 396-407, Honolulu, Hawaii, May 17-22, 2002. -8
2. Scott, D., Sharp, R. "Developing Secure Web Applications." IEEE Internet Computing, 6(6), 38-45, Nov 2002. -9
3. Bobbitt, M. "Bulletproof Web Security." Network Security Magazine, TechTarget Storage Media, May 2002., http://infosecuritymag. techtarget.com/2002/may/bulletproof.shtml , last accessed Dec 10, 2006
4. Engin Kirda, Christopher Kruegel, Giovanni Vigna, and Nenad Jovanovic "Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks" In The 21 st ACM Symposium on Applied Computing (SAC 2006), Pages: 330-337 , April 23-27, 2006.
5. O.Ismaill.M.E.Youki.K.adobayashi, S.Yamaguch, " A proposal and Implementation of Automatic Detection/Collection system for Cross-Site Scripting Vulnerability" Proceeding of the 18 Internation conference on Advanced Information Networking and Application (AINA'04).
6. CERT® Advisory CA-2000-02, "Malicious HTML Tags Embedded in Client Web Requests", http://www.cert.org/advisories/CA-2000-02.html, last accessed Dec 10, 2006
7. Jaikumar Vijayan, '"Less than zero-day' threats too often overlooked, analysts warn Companies tend to focus only on patching known flaws, ignoring other threats",Computerworld, October 26, 2006
8. John McCormick, "Microsoft users face two zero-day threats in a week", article available at http://articles.techrepublic.com.eom/5100- 1009_11-6132973.html, 11/6/06
9. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo, " Securing web application code by static analysis and runtime protection",. In Proceedings of International WWW Conference, New York, USA, 2004, Pages: 40-52, May 17-22, 2004.
10. Zhendong Su, Gary Wassermann, "The essence of command injection attacks in web applications", Annual Symposium on Principles of Programming Languages, Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages,Pages: 372-382, Jan 11-13, 2006
11. Wes Masri American University of Beirut, Beirut, Lebanon, Andy Podgurski Case Western Reserve University, Cleveland, OH , "Using dynamic information flow analysis to detect attacks against applications", ACM SIGSOFT Software Engineering Notes Volume 30, Issue 4 July 2005
12. N.Jovanovic, C. Kruegel and E.Kirda, "Pixy: A Static Analysis tool for Detecting web application vulnerabilities", Proceedings of the 2006 IEEE Symposium on Security and Privacy(S&P'06).
13. Wes Masri, Andy Podgurski, David Leon, "Detecting and Debugging Insecure Information Flows," issre, pp. 198-209, 15th International Symposium on Software Reliability Engineering (ISSRE'04), 2004.
14. WebCohort's Application Defense Center Reports Results of Vulnerability Testing on Web Applications "Only 10% of Web Applications Are Secured Against Common Hacking Techniques", February, 02, 2004, ), last accessed Feb 12th, 2006.