The Design and Implementation of the Random HTML Tags and Attributes-Based XSS Defence System

  • Conference paper
Advances in Swarm Intelligence (ICSI 2014)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8795)

Abstract

At present, cross-site scripting (XSS) is still one of the biggest threats to Internet security. Yet the prevailing defensive approach is still mostly feature matching; that is, checking all submitted information for matches and filtering it. Filtering technology, however, has many disadvantages, such as heavy workload, complex operation and high risk. For this reason, our system makes innovative use of randomization of HTML tags and attributes: based on the prefix of each HTML tag and attribute, it determines whether the tag or attribute is one the Web designer expected to generate or one inserted by another user, and then applies a different policy according to the result, so that only tags and attributes the Web designer expected to generate can be rendered and executed. In this way, we can defend against XSS attacks completely. The test results show that the system is able to solve a variety of problems in filtering technology. Its simple, convenient operation and safe, secure effect free developers from heavy filtering work. The system has good compatibility and portability across platforms, and it can connect seamlessly with all web-based applications. In all, the system defends against XSS better and meets the needs of today’s XSS attack defence.
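
The prefix check described in the abstract can be sketched as follows. This is an added example, not the authors' implementation, which this page does not show. The names new_prefix and render, the per-response prefix, the regex-based tag scan and the escape-as-text policy for unprefixed markup are all assumptions of the sketch.

```python
import html
import re
import secrets

# Whole tags; quoted attribute values may contain '>'.
TAG_RE = re.compile(r'<(/?)([A-Za-z][\w-]*)((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>')
# One attribute: name, then an optional =value (quoted or bare).
ATTR_RE = re.compile(r'([^\s=/]+)(\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s>]+))?')

def new_prefix():
    """Unguessable prefix; one per response is an assumption of this sketch."""
    return "r" + secrets.token_hex(8) + "_"

def _rewrite_tag(m, prefix):
    slash, name, attrs = m.groups()
    if not (name.startswith(prefix) and len(name) > len(prefix)):
        # Not issued by the designer: render it as inert text.
        return html.escape(m.group(0))
    kept = []
    for a in ATTR_RE.finditer(attrs):
        if a.group(1).startswith(prefix):  # unprefixed attributes are dropped
            kept.append(a.group(1)[len(prefix):] + (a.group(2) or ""))
    return "<" + slash + " ".join([name[len(prefix):]] + kept) + ">"

def render(marked_html, prefix):
    """Strip the prefix from designer markup and neutralise everything else."""
    out, pos = [], 0
    for m in TAG_RE.finditer(marked_html):
        # A stray '<' outside any complete tag is escaped as well.
        out.append(marked_html[pos:m.start()].replace("<", "&lt;"))
        out.append(_rewrite_tag(m, prefix))
        pos = m.end()
    out.append(marked_html[pos:].replace("<", "&lt;"))
    return "".join(out)

if __name__ == "__main__":
    p = new_prefix()
    # Constructed template (designer markup) and constructed user input.
    template = '<{p}p {p}class="note">Hello, {user}</{p}p>'
    page = template.format(p=p, user="<script>alert(1)</script>")
    print(render(page, p))
```

The sketch only separates designer-issued markup from inserted markup; user data placed inside the value of a prefixed attribute (a URL, for instance) still needs its own validation.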

© 2014 Springer International Publishing Switzerland

Cite this paper

Lin, H., Yan, Y., Cai, H., Zhang, W. (2014). The Design and Implementation of the Random HTML Tags and Attributes-Based XSS Defence System. In: Tan, Y., Shi, Y., Coello, C.A.C. (eds) Advances in Swarm Intelligence. ICSI 2014. Lecture Notes in Computer Science, vol 8795. Springer, Cham. https://doi.org/10.1007/978-3-319-11897-0_24

  • DOI: https://doi.org/10.1007/978-3-319-11897-0_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11896-3

  • Online ISBN: 978-3-319-11897-0

  • eBook Packages: Computer Science (R0)