2018 | Original Paper | Book chapter

A Robust Server-Side JavaScript Feature Injection-Based Design for JSP Web Applications Against XSS Vulnerabilities

Authors: Shashank Gupta, B. B. Gupta

Published in: Cyber Security

Publisher: Springer Singapore


Abstract

Cross-Site Scripting (XSS) attack vectors are considered a serious threat to contemporary HTML5 websites. In this paper, a novel server-side JavaScript feature injection-based design is proposed that relies on inserting JavaScript features into the HTTP response in order to discover any variation between the stored and observed features of that response. In addition, our design adopts the injection of context-sensitive sanitization functions to detect XSS attack vectors in HTML websites. A prototype of the design will be developed in Java as a server-side framework, and the experimental results of the proposed design on JSP websites will be evaluated as a further extension.
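The stored-versus-observed feature comparison the abstract describes, as an added Java illustration that is not the paper's prototype: the two features counted (script blocks and inline event handlers), the `{{comment}}` placeholder rendering and the HTML-text escaping are all assumptions made for this example.

```java
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Illustrative feature-comparison check; names and heuristics are assumptions. */
public class FeatureInjectionCheck {
    // JavaScript "features" counted in a response body: <script> blocks and
    // inline event-handler attributes. A real design would track richer features.
    private static final Pattern SCRIPT_TAG =
        Pattern.compile("<script\\b", Pattern.CASE_INSENSITIVE);
    private static final Pattern EVENT_HANDLER =
        Pattern.compile("\\son[a-z]+\\s*=", Pattern.CASE_INSENSITIVE);

    static int count(Pattern p, String html) {
        Matcher m = p.matcher(html);
        int n = 0;
        while (m.find()) n++;
        return n;
    }

    // "Stored" features come from the trusted template before user data is
    // rendered; "observed" features come from the final HTTP response body.
    static int[] features(String html) {
        return new int[] { count(SCRIPT_TAG, html), count(EVENT_HANDLER, html) };
    }

    // Stand-in for JSP rendering (constructed, not a real JSP engine):
    // untrusted data is substituted for the {{comment}} placeholder.
    static String render(String template, String untrusted) {
        return template.replace("{{comment}}", untrusted);
    }

    // Context-sensitive sanitization for the HTML text context only; attribute,
    // URL and script contexts each need their own encoder.
    static String escapeHtmlText(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    // True when the rendered response carries features the template did not.
    static boolean featuresDiffer(String template, String untrusted) {
        return !Arrays.equals(features(template), features(render(template, untrusted)));
    }

    public static void main(String[] args) {
        String template = "<html><body><script src=\"/app.js\"></script>"
                        + "<p>{{comment}}</p></body></html>";   // constructed template
        String scripted = "<script>alert(1)</script>";          // constructed test input
        System.out.println(featuresDiffer(template, "Nice article!"));           // benign text
        System.out.println(featuresDiffer(template, scripted));                  // injected script
        System.out.println(featuresDiffer(template, escapeHtmlText(scripted)));  // after sanitization
    }
}
```

Counting features with regular expressions is deliberately simple here; the comparison step, not the feature extractor, is the point, and a production extractor would parse the response with an HTML parser so that encoded or split tags are counted correctly.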


Metadata
Title
A Robust Server-Side JavaScript Feature Injection-Based Design for JSP Web Applications Against XSS Vulnerabilities
Authors
Shashank Gupta
B. B. Gupta
Copyright year
2018
Publisher
Springer Singapore
DOI
https://doi.org/10.1007/978-981-10-8536-9_43