We present an execution-flow analysis for JavaScript programs running in a web browser to prevent Cross-site Scripting (XSS) attacks. We construct finite-state automata (FSA) to model the client-side behavior of Ajax applications under normal execution. Our system is deployed in proxy mode. The proxy analyzes the execution flow of client-side JavaScript before the requested web pages arrive at the browser, in order to stop potentially malicious scripts that do not conform to the FSA. We evaluate our technique against several real-world applications, and the results show that it protects against a variety of XSS attacks with an acceptable performance overhead.
Existence of cross-site scripting (XSS) vulnerability can be traced back to 1995 during early days o...
In this dissertation we examine web exploitation from a number of different perspectives. First, we ...
Using JavaScript and dynamic DOM manipulation on the client-side of web applications is becoming a w...
Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few yea...
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected...
AJAX applications are prone to security vulnerabilities due to the ease of inadvertently entrusting ...
Web applications support many of our daily activities, but they often have security problems, and t...
Cross-Site scripting attacks occur when accessing information in intermediate trusted sites. Cross-S...
Cross Site Scripting (XSS) is a vulnerability of a Web Application that is essentially caused by the...
Cross-site scripting is a vulnerability in Web applications that can be exploited by injecting malic...
Cross-Site Scripting (XSS) vulnerabilities are among the most common and most serious security vulne...
The rise of the software-as-a-service paradigm has led to the development of a new breed of sophisti...
Cross site scripting (XSS) vulnerability is among the top web application vulnerabilities according ...
Abstract. We introduce a dynamic technique for defending web applications that would otherwise be v...
Cross Site Scripting (XSS) is a popular security vulnerability in modern web applications. XSS attacks...