Abstract
Cross-site scripting (XSS) remains one of the biggest threats to Internet security, yet most defences still rely on feature matching: every piece of submitted information is checked against known patterns and filtered. Filtering has many disadvantages, including a heavy workload, complex operation and high risk. Our system instead applies randomization to HTML tags and attributes. Based on the prefix of each HTML tag and attribute, it determines whether the tag or attribute was generated as the Web designer intended or inserted by another user, and applies a different policy to each case: only the tags and attributes that the Web designer expected to generate can be rendered and executed. In this way, we can defend against XSS attacks completely. The test results show that the system solves a variety of problems found in filtering technology. It is simple and convenient to operate, safe and secure in effect, and frees developers from heavy filtering work. The system has good compatibility and portability across platforms, and it can connect seamlessly with all web-based applications. Overall, the system defends against XSS better and meets the needs of defence against today's XSS attacks.
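A sketch of the prefix idea described in the abstract, added here as an illustration and not taken from the paper's implementation. It assumes a hypothetical template syntax in which the designer marks every tag and attribute name with `@` and writes user data as `{{name}}` placeholders; the function names and the regex-based tag matching are likewise assumptions.

```python
import re
import secrets

# Assumed matchers: a complete tag (quoted values may contain '>'), and one attribute.
TAG = re.compile(r'<(/?)([A-Za-z][\w:-]*)((?:[^<>"\']|"[^"]*"|\'[^\']*\')*)>')
ATTR = re.compile(r'([A-Za-z_][\w:-]*)(\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s"\'<>]+))?')

def new_prefix():
    """Fresh, unpredictable prefix for one response (starts with a letter)."""
    return "r" + secrets.token_hex(8)

def neutralise(text):
    """Turn angle brackets into entities so the browser shows markup as text."""
    return text.replace("<", "&lt;").replace(">", "&gt;")

def enforce(html, prefix):
    """Emit only tags/attributes that carry the prefix; neutralise the rest."""
    out, pos = [], 0
    for m in TAG.finditer(html):
        out.append(neutralise(html[pos:m.start()]))  # text between tags
        slash, name, attrs = m.groups()
        if name.startswith(prefix) and len(name) > len(prefix):
            kept = [a.group(0)[len(prefix):] for a in ATTR.finditer(attrs)
                    if a.group(1).startswith(prefix)]  # unprefixed attrs dropped
            out.append("<" + slash + " ".join([name[len(prefix):]] + kept) + ">")
        else:
            out.append(neutralise(m.group(0)))  # tag the designer did not write
        pos = m.end()
    out.append(neutralise(html[pos:]))
    return "".join(out)

def render(template, values, prefix=None):
    """Stamp designer markup with the prefix, insert user data raw, then enforce."""
    prefix = prefix or new_prefix()
    page = template.replace("@", prefix)
    for key, value in values.items():
        page = page.replace("{{" + key + "}}", value)  # untrusted, not filtered
    return enforce(page, prefix)

if __name__ == "__main__":
    # Constructed sample: a comment template and a user-submitted body.
    print(render('<@div @class="comment">{{body}}</@div>',
                 {"body": "hello <script>alert(1)</script>"}))
```

Because the prefix changes on every response, markup inside user data cannot carry it and is shown as text, while the designer's own tags and attributes are emitted with the prefix removed.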
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Lin, H., Yan, Y., Cai, H., Zhang, W. (2014). The Design and Implementation of the Random HTML Tags and Attributes-Based XSS Defence System. In: Tan, Y., Shi, Y., Coello, C.A.C. (eds) Advances in Swarm Intelligence. ICSI 2014. Lecture Notes in Computer Science, vol 8795. Springer, Cham. https://doi.org/10.1007/978-3-319-11897-0_24
DOI: https://doi.org/10.1007/978-3-319-11897-0_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11896-3
Online ISBN: 978-3-319-11897-0
eBook Packages: Computer Science (R0)