
 

Journal of Emerging Trends in Engineering and Applied Sciences (JETEAS)

ISSN:2141-7016

Article Title: S2MXS2: Server Side Approach to Mitigating XSS Attacks Using Regular
by Benjamin B. C, Oladeji F. A, Okolie C. C, Alakiri H. O, Olisa O

Abstract:
Cross-site scripting (XSS), the most dreaded web application attack, is still on the increase despite the research efforts being made. Usually, hackers upload XSS vectors to any vulnerable web site and wait for innocent victims to visit it. These victims are then attacked and exploited by the hackers' XSS vectors. Several existing techniques require technical adjustments to client-side browsers and server-side environment variables, while other techniques try to nullify the effects of XSS on users viewing dynamic content. Mitigating XSS on the server side can guarantee a better result than any other technique because users are not required to make any configuration changes in their browsers and no XSS vector will find its way to the client side. In this research, a framework based on pattern matching using regular expressions was developed. This framework detects any occurrence of XSS vectors within the data collected from users and nullifies them before passing the data to the web application for further processing. This implies that the web application may not store or process any XSS vectors. The framework was implemented using a PHP object-oriented prototype model that can be easily integrated into an existing web application. The framework was evaluated using a web-based PHP social network application, and the results of our experiment show that the proposed system is highly efficient in mitigating XSS attacks while maintaining a negligible runtime overhead on the web server. The purpose of this research is to design a simple XSS attack filter framework that can be easily integrated into an existing web application, which gives this research the potential to generally reduce the rate of occurrence of XSS attacks on web applications.
Keywords: cross-site scripting, XSS, web application, PHP Filter, firewall, regular expression.

Editor in Chief.

Prof. Gui Yun Tian
Professor of Sensor Technologies
School of Electrical, Electronic and Computer Engineering
University of Newcastle
United Kingdom

 

 

Copyright © Journal of Emerging Trends in Engineering and Applied Sciences 2010