Presentation | 2003/5/14 A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerabilities Yuuki TAKAHASHI, Omar ISMAIL, Youki KADOBAYASHI, Suguru YAMAGUCHI, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Cross-site scripting (XSS) attacks target web sites with Cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of the XSS problem. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either client request or server response. The system also shares the indication of vulnerability via a central repository. The purpose of the proposed system is two-fold: to protect users from XSS attacks, and to warn web servers with XSS vulnerabilities. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | HTTP / Proxy / Cookie / Cross-Site Scripting / Vulnerability testing |
Paper # | IA2003-6 |
Date of Issue |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2003/5/14 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Internet Architecture(IA) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerabilities |
Sub Title (in English) | |
Keyword(1) | HTTP |
Keyword(2) | Proxy |
Keyword(3) | Cookie |
Keyword(4) | Cross-Site Scripting |
Keyword(5) | Vulnerability testing |
1st Author's Name | Yuuki TAKAHASHI |
1st Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
2nd Author's Name | Omar ISMAIL |
2nd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
3rd Author's Name | Youki KADOBAYASHI |
3rd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
4th Author's Name | Suguru YAMAGUCHI |
4th Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
Date | 2003/5/14 |
Paper # | IA2003-6 |
Volume (vol) | vol.103 |
Number (no) | 62 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |