| Presentation | 2005-01-19 An Alarm Aggregation Architecture for Identifying One-Way XSS Attacks Omar ISMAIL, Masashi ETOH, Youki KADOBAYASHI, Suguru YAMAGUCHI, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Cross-Site Scripting (XSS) is caused by the failure of Web applications to properly validate user input before returning it to the client's Web browser. Although some approaches exist for defending against XSS attacks, XSS vulnerabilities continue to appear in Web applications. These weaknesses, which often resulted from poorly developed Web applications and data processing systems, allow attackers to embed maliciuos HTML-based contents, such as JavaScripts, within HTTP requests or response messages. Through embedding HTML code and scripting elements, it is possible to steal session ID information, thus resulting in the leakage of private information. The classic XSS attack involves social engineering to trick the victims to click on a link with embedded scripts created by attackers. The victims do not necessarily have to click on a link. XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags, etc, . We call this the "one-way XSS attack". We propose a system that not only detects and collects XSS attack-related information but also identifies the potential XSS attack codes. This system detects and, more importantly identifies new types of XSS attacks by manipulating HTTP server response. The system also shares collected vulnerability information via a central repository. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Javascript / Cookie / Sensor / Cross-Site Scripting / Aggregation |
| Paper # | MoMuC2004-89,IA2004-20 |
| Date of Issue |
| Conference Information | |
| Committee | MoMuC |
|---|---|
| Conference Date | 2005/1/12(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Mobile Multimedia Communications(MoMuC) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | An Alarm Aggregation Architecture for Identifying One-Way XSS Attacks |
| Sub Title (in English) | |
| Keyword(1) | Javascript |
| Keyword(2) | Cookie |
| Keyword(3) | Sensor |
| Keyword(4) | Cross-Site Scripting |
| Keyword(5) | Aggregation |
| 1st Author's Name | Omar ISMAIL |
| 1st Author's Affiliation | Graduate School of Information Science Nara Institute of Science and Technology() |
| 2nd Author's Name | Masashi ETOH |
| 2nd Author's Affiliation | Graduate School of Information Science Nara Institute of Science and Technology |
| 3rd Author's Name | Youki KADOBAYASHI |
| 3rd Author's Affiliation | Graduate School of Information Science Nara Institute of Science and Technology |
| 4th Author's Name | Suguru YAMAGUCHI |
| 4th Author's Affiliation | Graduate School of Information Science Nara Institute of Science and Technology |
| Date | 2005-01-19 |
| Paper # | MoMuC2004-89,IA2004-20 |
| Volume (vol) | vol.104 |
| Number (no) | 553 |
| Page | pp.pp.- |
| #Pages | 7 |
| Date of Issue | |