Alarm Aggregation Architecture for Identifying One Way XSS Attacks

Omar Ismail (0251130)

Cross-Site Scripting (XSS) is caused by the failure of web applications to properly validate user input before returning it to the client’s web browser. Although some approaches exist for defending against XSS attacks, XSS vulnerabilities continue to appear in web applications. These weaknesses, which often result from poorly developed web applications and data processing systems, allow attackers to embed malicious HTML-based content, such as JavaScript, within HTTP requests or response messages. By embedding HTML code and scripting elements, it is possible to steal session ID information, resulting in the leakage of private information.

The classic XSS attack involves social engineering to trick victims into clicking on a link created by a malicious user in order to steal the user’s cookie information. However, a victim doesn’t necessarily have to click on a link; XSS code can also be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags, etc. We call this the one way XSS attack.

We propose a system that not only detects and collects XSS attack related information but also identifies potential XSS attack code. This system detects and, more importantly, identifies new types of XSS attacks by manipulating the HTTP server response. It shares the collected vulnerability information via a central repository.
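
A minimal response-side check in the spirit of the detection described above, added here as an example and not the authors' implementation: it raises an alarm when a request parameter carrying active markup comes back unescaped in the HTTP response. The function name, the pattern list, the URL and the response bodies are all constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Markup that executes or loads without a click: script, img and iframe tags,
# inline event handlers, and javascript: URLs (illustrative list, not exhaustive).
ACTIVE_MARKUP = re.compile(
    r"<\s*(script|img|iframe)\b|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def reflected_markup(request_url, response_body):
    """Return one alarm per query parameter whose markup is echoed in the response."""
    alarms = []
    query = urlsplit(request_url).query
    # parse_qsl percent-decodes values, so the comparison uses what the app saw.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if not ACTIVE_MARKUP.search(value):
            continue  # parameter carries no active markup
        if value in response_body:
            # Returned verbatim: the browser would parse it as HTML.
            alarms.append({"param": name, "value": value, "state": "unescaped"})
        elif html.escape(value) in response_body:
            # Returned entity-encoded: inert, recorded as an attempt only.
            alarms.append({"param": name, "value": value, "state": "escaped"})
    return alarms


# Constructed sample request and two constructed responses.
SAMPLE_URL = ("http://app.example/search"
              "?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2")
VULNERABLE_BODY = "<p>Results for <script>alert(1)</script></p>"
ENCODED_BODY = "<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>"

if __name__ == "__main__":
    for label, body in (("vulnerable", VULNERABLE_BODY),
                        ("encoded", ENCODED_BODY)):
        print(label, reflected_markup(SAMPLE_URL, body))
```

Alarms in the `unescaped` state are the ones that indicate a vulnerable page; `escaped` alarms record attempts against a page that encoded its output.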