Files in This Item:
File: IEICE_117(299)_89.pdf | Size: 304.61 kB | Format: Adobe PDF
Title: Xilara : XSS auditor using HTML template restoration (Internet Architecture)
Authors: YAMAZAKI Keitaro
KOTANI Daisuke (ORCID: https://orcid.org/0000-0003-4305-8379, unconfirmed)
OKABE Yasuo
Author's alias: 小谷, 大祐
岡部, 寿男
Keywords: Security
XSS
Web
HTML
Issue Date: 15-Nov-2017
Publisher: IEICE
Journal title: IEICE Technical Report (電子情報通信学会技術研究報告)
Volume: 117
Issue: 299
Start page: 89
End page: 94
Abstract: Mitigating Cross Site Scripting (XSS) is important to protect users' sensitive data in web applications. XSS mitigation without modification of the application's code is beneficial for protecting many systems with one system. However, such mitigations depend on the request or on the correspondence between request and response. We propose a new XSS filter, Xilara, that audits the structure of responses. First, Xilara collects normal responses and restores the HTML template automatically. Second, Xilara detects stored XSS attacks by verifying whether the structure of a response matches the template. Our preliminary results show that Xilara can mitigate some known stored XSS vulnerabilities in real applications with acceptable performance.
Rights: © 2017 IEICE.
URI: http://hdl.handle.net/2433/232851
Related Link: https://www.ieice.org/ken/paper/20171116UbZm/
Appears in Collections: Journal Articles


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.