An automaton based approach for forestalling cross site scripting attacks in web application

摘要

Application layer attacks are increasing rapidly and are becoming a common threat to Web security. Attackers use many types of vulnerable malicious code to cripple and penetrate a Web site, from low-level attacks to high-level data breaches that expose infrastructure of the web applications. OWSAP 2015 has declared that XSS attacks are amongst the most powerful attacks against web applications. These attacks can be prevented by using techniques like same origin policy, filtering, escaping and other validation approaches. XSS vulnerabilities may lead to effects like denial of service, stealing of cookies, session tokens, and other user sensitive data. We propose a linear based automaton approach called XSS Chaser which prevents web applications from XSS attacks. Our approach performs string analysis to generate vulnerable patterns to prevent XSS. These patterns are generated using onward and backward interpretation. The experimental result shows that our approach provides better response time compared to existing Techniques.