| Title | A New Cross-Site Scripting Detection Mechanism Integrated with HTML5 and CORS Properties by Using Browser Extensions |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Wang, C. H., Zhou, Y. S. |
| Conference Name | 2016 International Computer Symposium (ICS) |
| Keywords | browser extension, browser extensions, Browsers, composability, CORS, cross origin resource shearing (CORS), Cross Site Scripting, Cross-site scripting (XSS), cross-site scripting detection mechanism, Databases, HTML5, Human Behavior, hypermedia markup languages, Malware, OWASP, pubcrawl, Resiliency, security, security of data, Servers, Uniform resource locators, web security, XSS attack detection |
| Abstract | Cross site scripting (XSS) is a kind of common attack nowadays. The attack patterns with the new technical like HTML5 that makes detection task getting harder and harder. In this paper, we focus on the browser detection mechanism integrated with HTML5 and CORS properties to detect XSS attacks with the rule based filter by using browser extensions. Further, we also present a model of composition pattern estimation system which can be used to judge whether the intercepted request has malicious attempts or not. The experimental results show that our approach can reach high detection rate by tuning our system through some frequently used attack sentences and testing it with the popular tool-kits: XSSer developed by OWASP. |
| DOI | 10.1109/ICS.2016.0060 |
| Citation Key | wang_new_2016 |
A New Cross-Site Scripting Detection Mechanism Integrated with HTML5 and CORS Properties by Using Browser Extensions