DSpace
 

University of Jos Institutional Repository >
Natural Sciences >
Computer Science >

Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/968

Title: S2MXS2: Server Side Approach to Mitigating XSS Attacks Using Regular Expression
Authors: Benjamin, B.C.
Oladeji, F.A.
Okolie, C.C.
Alakiri, H.O.
Olisa, O.
Keywords: cross-site scripting
web application
PHP Filter
firewall
regular expression
Issue Date: 2013
Publisher: Journal of Emerging Tre nds in Engineering and Applied Sciences (JETEAS)
Series/Report no.: Vol. 4;No. 6; Pp 875 - 8 82
Abstract: The most dreaded web application attack called Cross Site Scripting (XSS) attacks are still on the increase despite the research efforts being made. Usually, hackers upload XSS vectors into any vulnerable web site and wait for innocent victims who visit these sites. These victims are then attacked and exploited by the hacker’s XSS vectors. Several existing techniques require technical adjustments on client side browsers and server side environment variables, while other techniques try to nullify the effects of XSS on users viewing dynamic contents. Mitigating XSS from server side can guarantee a better result than any other technique because users are not required to make any configurations on their browsers and no XSS vector will find its way to the client side. In this research, a framework was developed, which is based on pattern matching using regular expressions. This framework will detect any occurrence of XSS vectors within the data collected from users and nullify them before passing it over to the web application for further processing. This implies that the web application may not store or process any XSS vectors. This framework was implemented using a PHP objectoriented prototype model that can be easily integrated into existing web application. Evaluation of the framework was done using a web based PHP social network application and the results of our experiment shows that the proposed system is highly efficient in mitigating XSS attacks while maintaining a negligible runtime overhead on the web server. The purpose of this research is to design a simple XSS attack Filter framework that can be easily integrated into an existing web application which gives this research the potentials of generally reducing the rate of occurrences of XSS attacks on web applications.
URI: http://hdl.handle.net/123456789/968
ISSN: 2141-7016
Appears in Collections:Computer Science

Files in This Item:

File Description SizeFormat
S2MXS2.pdf220.83 kBAdobe PDFView/Open
View Statistics

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

Valid XHTML 1.0! DSpace Software Copyright © 2002-2010  Duraspace - Feedback