EconPapers    
Economics at your fingertips  
 

Defending the OSN-Based Web Applications from XSS Attacks Using Dynamic JavaScript Code and Content Isolation

Pooja Chaudhary (), B. B. Gupta () and Shashank Gupta ()
Additional contact information
Pooja Chaudhary: National Institute of Technology Kurukshetra
B. B. Gupta: National Institute of Technology Kurukshetra
Shashank Gupta: National Institute of Technology Kurukshetra

A chapter in Quality, IT and Business Operations, 2018, pp 107-119 from Springer

Abstract: Abstract Online social networks (OSNs) are continuously suffering from the plague of cross-site scripting (XSS) vulnerabilities. This article presents a contemporary XSS defensive framework for the OSN-based web applications that is completely based on the context type qualifier. The proposed framework executes in two key phases: Context-Aware Sanitization Generator (CASG) and Context-Aware Dynamic Parsing (CADP). The former phase performs the static analysis of HTML document to determine the context of the untrusted JavaScript code. In addition to this, it also injects the context-sensitive sanitizers in the location of the untrusted JavaScript code. The later phase performs the dynamic parsing of HTML document generated by the first phase. The main objective of this phase is to determine the context of the untrusted malicious script code that is statically ambiguous to identify in the first phase. It also performs the sanitization depending on the context identified. The testing and evaluation of proposed framework was done on a tested suite of real-world OSN-based web applications (e.g., HumHub and Elgg). The experimental results revealed that the proposed framework is capable of implementing auto-context aware sanitization on the untrusted JavaScript malicious code with less number of false positives and false negatives. Evaluation outcomes also revealed that the technique has accomplished the untrusted malicious JavaScript code isolation in the HTML document generated by OSN-based web applications for mitigating the effect of XSS worms with less dynamic runtime overhead.

Keywords: Cross-site scripting worms; Online social network security; Context aware sanitization; Context type qualifier (search for similar items in EconPapers)
Date: 2018
References: Add references at CitEc
Citations:

There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:spr:prbchp:978-981-10-5577-5_9

Ordering information: This item can be ordered from
http://www.springer.com/9789811055775

DOI: 10.1007/978-981-10-5577-5_9

Access Statistics for this chapter

More chapters in Springer Proceedings in Business and Economics from Springer
Bibliographic data for series maintained by Sonal Shukla () and Springer Nature Abstracting and Indexing ().

 
Page updated 2025-06-15
Handle: RePEc:spr:prbchp:978-981-10-5577-5_9