Justified Cross-Site Scripting Attacks Prevention from Client-Side
Journal Title: International Journal on Computer Science and Engineering - Year 2014, Vol 6, Issue 7
Abstract
Web applications are becoming the dominant way to offer access to web services. In parallel, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications frequently make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the context of the client's web browser. To shield the client's environment from malicious JavaScript code, a mechanism known as sandboxing is used that confines a program to accessing only resources associated with its origin website. Unfortunately, these protection mechanisms fail if a client can be lured into downloading malicious JavaScript code from an intermediate, trusted site. In this situation, the malicious script is granted complete access to every resource (for example, cookies and authentication tokens) that belongs to the trusted site. Attacks of this type are called cross-site scripting (XSS) attacks. In general, cross-site scripting attacks are simple to perform but difficult to identify and stop. One cause is the high flexibility of HTML encoding methods, which gives the attacker many opportunities to circumvent the server-side input filters that are supposed to keep malicious scripts from entering trusted sites. Also, developing a client-side solution is not simple because of the difficulty of recognizing JavaScript code as malicious. This paper presents Noxes, which is, to the best of our knowledge, the first client-side solution to mitigate cross-site scripting attacks. Noxes works as a web proxy and uses both manually and automatically generated rules to mitigate possible cross-site scripting attempts. Noxes effectively defends against data leakage from the client's environment while requiring minimal client interaction and customization effort.
Authors and Affiliations
A. MONIKA, D. RAMAN