Preventing Abuse of Cookies Stolen by XSS

机译：阻止滥用曲奇饼被XSS偷走了

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks out personal information from victims' computers. An adversary can easily get victim's cookies by the XSS attack. If the adversary cannot use the stolen cookies to impersonate the victim, stealing cookie has no meaning. Therefore, we propose a method to prohibit the abuse of stolen cookies in order to make it ineffective to steal cookies through the XXS attack. The proposed method uses onetime password and challenge-response authentication to identify whether a person is a valid owner of the cookie or not.

机译：跨站点脚本（XSS）使受害者执行任意脚本并从受害者的计算机中泄露出个人信息。对手可以通过XSS攻击轻松获得受害者的饼干。如果对手不能使用被盗的饼干来冒充受害者，偷饼干没有意义。因此，我们提出了一种禁止滥用被盗饼干的方法，以使其无效地通过XXS攻击窃取饼干。该方法使用oneTime密码和质询 - 响应身份验证来识别人是否是饼干的有效所有者。

著录项

来源
《Asia Joint Conference on Information Security》|2013年||共5页
会议地点
作者
Hiroya Takahashi; Kenji Yasunaga; Masahiro Mambo; Kwangjo Kim; Heung Youl Youm;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP309-53;
关键词
Cookies; Cross Site Scripting; HTTP; Web Application;

机译：饼干;跨站点脚本;http;web应用程序;

相似文献

外文文献
中文文献
专利

1. Cross-Site Scripting (XSS) Abuse and Defense: Exploitation on Several Testing Bed Environments and Its Defense [J] . B. B. Gupta, S. Gupta, S. Gangwar, Journal of information privacy & security: JIPS . 2015,第2期

机译：跨站点脚本（XSS）滥用和防御：在几种测试床环境上利用及其防御
2. How to Train Your Browser: Preventing XSS Attacks Using Contextualn Script Fingerprints [J] . Mitropoulos Dimitris, Stroggylos Konstantinos, Spinellis Diomidis, ACM Transaction on Information and System Security . 2016,第1期

机译：如何训练您的浏览器：使用Contextualn脚本指纹防止XSS攻击
3. Analyzing Virtualization Vulnerabilities and Design a Secure Cloud Environment to Prevent from XSS Attack [J] . Nitin Nagar, Ugrasen Suman International journal of cloud applications and computing . 2016,第1期

机译：分析虚拟化漏洞并设计安全的云环境以防止XSS攻击
4. Preventing Abuse of Cookies Stolen by XSS [C] . Takahashi Hiroya, Yasunaga Kenji, Mambo Masahiro, Asia Joint Conference on Information Security . 2013

机译：防止滥用XSS窃取的Cookie
5. Preventing alcohol and drug abuse through primary education: An evaluation of a school -based substance abuse prevention program. [D] . Baker, Vanessa. 2003

机译：通过初等教育预防酒精和药物滥用：对基于学校的药物滥用预防计划的评估。
6. Internet-based behavioural activation to improve depressive symptoms and prevent child abuse in postnatal women (SmartMama): a protocol for a pragmatic randomized controlled trial [O] . Erika Obikane, Toshiaki Baba, Tomohiro Shinozaki, 2021

机译：基于互联网的行为激活改善抑郁症状预防产后女性的儿童虐待（Smartmama）：一种务实随机对照试验的议定书
7. Cookies and Sessions: A Study of what they are, how they can be Stolen and a Discussion on Security [O] . Young B. Choi, Yin L., Kenneth LaCroix 2019

机译：饼干和会话：对他们所在的研究，如何被盗和讨论安全性
8. Stopping Insider Abuse and Spying. Detecting the Hard Stuff: Stolen Passwords Unauthorized Records Browsing, Employee Espionage, Infiltration, and Insertion of Unwelcome Code, via Automatic Behavior Profiling [R] . Steinman, D. , Celiceo, M. , Head, J. 1999

机译：阻止内部人员滥用和间谍活动。检测硬件：被盗密码未经授权的记录浏览，员工间谍，渗透和插入不受欢迎的代码，通过自动行为分析

Preventing Abuse of Cookies Stolen by XSS

摘要

著录项

相似文献

相关主题

期刊订阅