Access count of this item: 594
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
IEICE_117(299)_89.pdf | 304.61 kB | Adobe PDF | View/Open |
Title: | Xilara : XSS auditor using HTML template restoration (インターネットアーキテクチャ) |
Authors: | YAMAZAKI Keitaro KOTANI Daisuke ![]() ![]() ![]() OKABE Yasuo |
Author's alias: | 小谷, 大祐 岡部, 寿男 |
Keywords: | Security XSS Web HTML |
Issue Date: | 15-Nov-2017 |
Publisher: | IEICE |
Journal title: | 電子情報通信学会技術研究報告 |
Volume: | 117 |
Issue: | 299 |
Start page: | 89 |
End page: | 94 |
Abstract: | Mitigating Cross Site Scripting (XSS) is important to protect user’s sensitive data in the web applications. XSS mitigation without modifications of application’s code is beneficial to protect many systems by one system. However, such mitigations depend on request or correspondence between request and response. We propose a new XSS filter, Xilara, that audits structure of responses. First, Xilara collects normal responses and restores HTML template automatically. Second, Xilara detects the stored XSS attack by verifying if the structure of response matches with the template. Our preliminary results show that Xilara can mitigate some known stored XSS vulnerabilities in real applications with acceptable performance. |
Rights: | © 2017 IEICE. |
URI: | http://hdl.handle.net/2433/232851 |
Related Link: | https://www.ieice.org/ken/paper/20171116UbZm/ |
Appears in Collections: | Journal Articles |

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.