A XSS Defensive Scheme Based on Behavior Certification

Abstract:

Scripting languages (mostly JavaScript) are now heavily used in web applications to improve the user experience. This trend has made XSS (cross-site scripting) attacks the most serious security problem on the current Internet. This paper proposes an XSS defensive scheme based on behavior certification. A website behavior model is generated from the website logic and the user behavior. Browsing behavior is then certified against the expected behavior given by the resulting model, so that the client is protected even when the web server has suffered an XSS attack.

Pages: 2365-2369

Online since: December 2012

Copyright: © 2013 Trans Tech Publications Ltd. All Rights Reserved
