Alarm Aggregation Architecture for Identifying One Way XSS Attacks
Omar Ismail (0251130)
Cross-Site Scripting (XSS) is caused by the failure of web applications to properly
validate user input before returning it to the client’s web browser. Although
some approaches exist for defending against XSS attacks, XSS vulnerabilities continue
to appear in web applications. These weaknesses, which often result from
poorly developed web applications and data processing systems, allow attackers
to embed malicious HTML-based content, such as JavaScript, within HTTP
requests or response messages. By embedding HTML code and scripting elements,
it is possible to steal session ID information, resulting in the leakage
of private information.
The classic XSS attack involves social engineering to trick victims into
clicking on a link created by a malicious user in order to steal the user’s cookie information.
In fact, a victim does not necessarily have to click on a link; XSS code can also
be made to load automatically in an HTML e-mail with certain manipulations of
HTML tags such as IMG or IFRAME. We call this the one way XSS attack.
We propose a system that not only detects and collects XSS attack-related
information but also identifies potential XSS attack code. This system detects
and, more importantly, identifies new types of XSS attacks by manipulating
the HTTP server response. It shares the collected vulnerability information via a central
repository.