Methods of Blocking Vulnerabilities of XSS Type Based on the Service Oriented Architecture

摘要

Web-applications are developed in several languages and deployed in various operating systems. This is connected with the various functions that web-application provides to its users. E-commerce applications must take into account various interfaces required for interoperability, security, and availability of a web-applications. Therefore, applications are developed using various languages such as PHP, ASP, JSP, NET, Python, etc., based on web-application requirements. Applications are constantly checked for vulnerabilities, and when they are vulnerable, they can be attacked. Research data shows that about 70% of web-applications are vulnerable to attacks of XSS form. This is due to the fact that entering data by users is allowed in text fields in web-application forms. This increases the threat to a web-application, allowing hackers the embedding of malicious content into the web-application. This article presents a new solution for blocking Cross-Site Scripting (XSS) attacks, which does not depend on the languages, in which web-applications are developed and eliminates XSS vulnerabilities arising from other interfaces. The solution is directed on providing independent services with specific interfaces that can be invoked to perform their tasks in a standard way without prior knowledge of the calling application by the service and without the application knowing how the service actually performs its tasks. The solution is based on a service-oriented architecture (SOA) approach. A method has been developed for blocking vulnerabilities of the XSS type based on the ability to protect applications from XSS attacks using XML and XSD. This includes creating an XML-document based on all form controls submitted by the user.