Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud-Reference-Cited by-同舟云学术

Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud

Published:2017-01 Issue:1 Volume:7 Page:1-31
ISSN:2156-1834
Container-title:International Journal of Cloud Applications and Computing
language:en
Short-container-title:

Author:

Gupta B. B.¹,Gupta Shashank²,Chaudhary Pooja²

Affiliation:

1. National Institute of Technology Kurukshetra, India

2. National Institute of Technology, Department of Computer Engineering, Kurukshetra, India

Abstract

This article presents a cloud-based framework that thwarts the DOM-based XSS vulnerabilities caused due to the injection of advanced HTML5 attack vectors in the HTML5 web applications. Initially, the framework collects the key modules of web application, extracts the suspicious HTML5 strings from the latent injection points and performs the clustering on such strings based on their level of similarity. Further, it detects the injection of malicious HTML5 code in the script nodes of DOM tree by detecting the variation in the HTML5 code embedded in the HTTP response generated. Any variation observed will simply indicate the injection of suspicious script code. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment on the Google Chrome extension. The experimental evaluation of our framework was performed on the platform of real world HTML5 web applications deployed in the cloud platform.

Publisher

IGI Global

Subject

General Medicine

Reference28 articles.

1. A web engineering security methodology for e-learning systems

2. Cloud Security Engineering

3. Investigations of automatic methods for detecting the polymorphic worms signatures

4. Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., & Vigna, G. (2008, May). Saner: Composing static and dynamic analysis to validate sanitization in web applications. Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP ‘08) (pp. 387-401). IEEE.

5. Regular expressions considered harmful in client-side XSS filters

Cited by 67 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. CarePlus: A general framework for hardware performance counter based malware detection under system resource competition;Computers & Security;2024-08

2. Strength characteristics of self-compacting concrete with alkali-activated fly ash;AIP Advances;2024-04-01

3. Key-homomorphic and revocable ciphertext-policy attribute based key encapsulation mechanism for multimedia applications;Multimedia Tools and Applications;2024-02-29

4. Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learning;International Journal of Information Security;2023-03-01

5. Cross-Site Scripting Recognition Using LSTM Model;Intelligent Computing and Communication;2023