Presentation | 2017-11-16 Xilara: XSS audItor using htmL templAte restoRAtion Keitaro Yamazaki, Daisuke Kotani, Yasuo Okabe |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Mitigating Cross Site Scripting (XSS) is important to protect users' sensitive data in web applications. XSS mitigation without modification of the application's code is beneficial to protect many systems by one system. However, such mitigations depend on the request or on the correspondence between request and response. We propose a new XSS filter, Xilara, that audits the structure of responses. First, Xilara collects normal responses and restores the HTML template automatically. Second, Xilara detects the stored XSS attack by verifying whether the structure of the response matches the template. Our preliminary results show that Xilara can mitigate some known stored XSS vulnerabilities in real applications with acceptable performance. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Security / XSS / Web / HTML / Cross Site Scripting |
Paper # | IA2017-49 |
Date of Issue | 2017-11-08 (IA) |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2017/11/15(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | KMITL, Bangkok, Thailand |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | IA2017 - Workshop on Internet Architecture and Applications 2017 |
Chair | Katsuyoshi Iida(Hokkaido Univ.) |
Vice Chair | Rei Atarashi(IIJ) / Hiroyuki Osaki(Kwansei Gakuin Univ.) / Tomoki Yoshihisa(Osaka Univ.) |
Secretary | Rei Atarashi(Tokyo Metropolitan Univ.) / Hiroyuki Osaki(TOYOTA-IT) / Tomoki Yoshihisa |
Assistant | Kenji Ohira(Tokushima Univ.) / Ryohei Banno(NTT) / Toshiki Watanabe(NEC) |
Paper Information | |
Registration To | Technical Committee on Internet Architecture |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Xilara: XSS audItor using htmL templAte restoRAtion |
Sub Title (in English) | |
Keyword(1) | Security / XSS / Web / HTML / Cross Site Scripting |
1st Author's Name | Keitaro Yamazaki |
1st Author's Affiliation | Kyoto University(Kyoto Univ.) |
2nd Author's Name | Daisuke Kotani |
2nd Author's Affiliation | Kyoto University(Kyoto Univ.) |
3rd Author's Name | Yasuo Okabe |
3rd Author's Affiliation | Kyoto University(Kyoto Univ.) |
Date | 2017-11-16 |
Paper # | IA2017-49 |
Volume (vol) | vol.117 |
Number (no) | IA-299 |
Page | pp.89-94(IA) |
#Pages | 6 |
Date of Issue | 2017-11-08 (IA) |