ESORICS
2009
Springer

Client-Side Detection of XSS Worms by Monitoring Payload Propagation

Cross-site scripting (XSS) vulnerabilities make it possible for worms to spread quickly to a broad range of users on popular Web sites. To date, the detection of XSS worms has been largely unexplored. This paper proposes the first purely client-side solution to detect XSS worms. Our insight is that an XSS worm must spread from one user to another by reconstructing and propagating its payload. Our approach prevents the propagation of XSS worms by monitoring outgoing requests that send self-replicating payloads. We intercept all HTTP requests on the client side and compare them with currently embedded scripts. We have implemented a cross-platform Firefox extension that is able to detect all existing self-replicating XSS worms that propagate on the client side. Our test results show that it incurs low performance overhead and reports no false positives when tested on popular Web sites.
Fangqi Sun, Liang Xu, Zhendong Su
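The check the abstract describes, compare each outgoing request with the scripts currently embedded in the page and block requests that re-send one of them, as an added example; this is not the paper's Firefox extension, and the chunk size, threshold, minimum script length and sample data are all constructed assumptions.

```javascript
// Added example, not the paper's code. Simplified client-side check: does an
// outgoing request carry a copy of a script currently embedded in the page?
const MIN_SCRIPT_LEN = 64; // ignore tiny inline scripts (assumed tuning value)
const CHUNK = 16;          // compare in fixed-size slices to tolerate small edits
const THRESHOLD = 0.8;     // fraction of slices that must reappear in the request

// Strip whitespace and case so trivial reformatting does not hide a copy.
function canonical(text) {
  return text.replace(/\s+/g, "").toLowerCase();
}

// Undo application/x-www-form-urlencoded encoding; leave undecodable input as-is.
function decodeFormBody(body) {
  try { return decodeURIComponent(body.replace(/\+/g, " ")); } catch (_) { return body; }
}

// Fraction of the script's slices that occur in the decoded request payload.
function coverage(script, decodedPayload) {
  const s = canonical(script);
  const p = canonical(decodedPayload);
  if (s.length < MIN_SCRIPT_LEN) return 0;
  let total = 0, hits = 0;
  for (let i = 0; i + CHUNK <= s.length; i += CHUNK) {
    total += 1;
    if (p.includes(s.slice(i, i + CHUNK))) hits += 1;
  }
  return total === 0 ? 0 : hits / total;
}

// Decide whether a request (URL plus form body) should be blocked as a
// self-replicating payload; returns the matching script indices and ratios.
function inspectRequest(request, embeddedScripts) {
  const payload = decodeFormBody(request.url + "&" + (request.body || ""));
  const matches = embeddedScripts
    .map((src, idx) => ({ idx, ratio: coverage(src, payload) }))
    .filter((m) => m.ratio >= THRESHOLD);
  return { block: matches.length > 0, matches };
}

// Constructed sample data: two scripts assumed to be embedded in the page,
// a benign comment post, and a post that re-sends the first script verbatim.
const EMBEDDED_SCRIPTS = [
  "function greet(name) { document.getElementById('out').textContent = 'Hello, ' + name + '!'; } greet('visitor');",
  "var counter = 0;",
];
const BENIGN_REQUEST = { url: "https://example.test/api/comment", body: "text=nice+post&uid=42" };
const REPLICATING_REQUEST = {
  url: "https://example.test/api/comment",
  body: "text=" + encodeURIComponent(EMBEDDED_SCRIPTS[0]) + "&uid=42",
};
```

Only URL query strings and form-encoded bodies are decoded here; a real extension would also have to handle JSON and multipart bodies and the script sources loaded from external URLs.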
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where ESORICS
Authors Fangqi Sun, Liang Xu, Zhendong Su