Moving Target Defense Against Cross-Site Scripting Attacks (Position Paper)

Authors: Joe Portner, Joel Kerr, Bill Chu

DOI: 10.1007/978-3-319-17040-4_6

Keywords:

Abstract: We present a new method to defend against cross-site scripting (XSS) attacks. Our approach is based on mutating symbols in the JavaScript language and leveraging commonly used load-balancing mechanisms to deliver multiple copies of the website using different versions of the language. An XSS attack that injects unauthorized code can thus be easily detected. Our solution achieves similar benefits of protection as Content Security Policy (CSP), the leading web standard to prevent cross-site scripting, but is much more easily adopted because refactoring of websites is not required.
