Client-side cross-site scripting protection

Computers and Security

Volumn 28, Issue 7, 2009, Pages 592-604

  Kirda, Engin ^a   Jovanovic, Nenad ^b   Kruegel, Christopher ^c   Vigna, Giovanni ^c  

^a EURECOM   (France)

^b VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^c UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Client side defense; Client side protection; Cross site scripting (XSS); Firewall; Intrusion detection; Proxy; Web security

Indexed keywords

CLIENT-SIDE DEFENSE; CLIENT-SIDE PROTECTION; CROSS-SITE SCRIPTING (XSS); FIREWALL; PROXY; WEB SECURITY;

COMPUTER SYSTEM FIREWALLS; HIGH LEVEL LANGUAGES; INTERNET SERVICE PROVIDERS; INTRUSION DETECTION; MARKUP LANGUAGES; WORLD WIDE WEB;

JAVA PROGRAMMING LANGUAGE;

EID: 70349595106     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2009.04.008     Document Type: Article

References (26)

1. Bicho D. PHP-nuke reviews module cross-site scripting vulnerability (2004).
2. Burzi F. PHP-nuke home page (2005).
3. CERT. Advisory CA-2000-02: malicious HTML tags embedded in client web requests (2000).
4. CERT. Understanding malicious content mitigation for web developers (2005).
5. Charles P. Jpcap - a network packet capture library (2006).
6. S. Cook. A web developer's guide to cross-site scripting. Technical report, SANS Institute, 2003.
7. Common Vulnerabilities. Common vulnerabilities and exposures (2005).
8. ECMA-262, ECMAScript language specification, 1999.
9. D. Endler. The Evolution of Cross Site Scripting Attacks. Technical report, iDEFENSE Labs, 2002.
10. D. Flanagan. JavaScript: The Definitive Guide. December 2001. 4th ed.
11. Google. Google suggest (2006).
12. Y.-W. Huang, S.-K. Huang, T.-P. Lin, and C.-H. Tsai. Web application security assessment by fault injection and behavior monitoring. In: Proceedings of the 12th International World Wide Web Conference (WWW 2003), May 2003.
13. Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. Lee, and S.-Y. Kuo. Securing Web Application Code by Static Analysis and Runtime Protection. In: Proceedings of the 13th International World Wide Web Conference (WWW 2004), May 2004.
14. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: a static analysis tool for detecting web application vulnerabilities (short paper). In: IEEE Symposium on Security and Privacy, 2006a.
15. N. Jovanovic, C. Kruegel, and E. Kirda. Precise alias analysis for static detection of web application vulnerabilities. In: ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2006b.
16. Kerio. Kerio firewall (2005).
17. E. Kirda, C. Kruegel, G. Vigna, and N. Jovanovic. Noxes: A client-side solution for mitigating cross-site scripting attacks. In: The 21st ACM Symposium on Applied Computing (SAC 2006), 2006.
18. Kossel A. eBay-Passwortklau (2004).
19. Oswald D. Htmlparser (2006).
20. Inc S. AppShield white paper (2005).
21. D. Scott and R. Sharp. Abstracting Application-Level Web Security. In Proceedings of the 11th International World Wide Web Conference (WWW 2002), May 2002.
22. Security Focus. Bugtraq mailing list (2005).
23. Symantec. Symantec. Norton personal firewall (2005).
24. Software T. Tiny firewall (2005).
25. H. von Hatzfeld. Javascript-Wertuebergabe zwischen verschiedenen HTML-Dokumenten. , 1999.
26. Labs Z. Zone labs internet security products (2005).