
ESORICS
2011
Springer

A Systematic Analysis of XSS Sanitization in Web Application Frameworks

While most research on XSS defense has focused on techniques for securing existing applications and re-architecting browser mechanisms, sanitization remains the industry-standard defense mechanism. By streamlining and automating XSS sanitization, web application frameworks stand in a good position to stop XSS but have received little research attention. In order to drive research on web frameworks, we systematically study the security of the XSS sanitization abstractions frameworks provide. We develop a novel model of the web browser and characterize the challenges of XSS sanitization. Based on the model, we systematically evaluate the XSS abstractions in 14 major commercially-used web frameworks. We find that frameworks often do not address critical parts of the XSS conundrum. We perform an empirical analysis of 8 large web applications to extract the requirements of sanitization primitives from the perspective of real-world applications. Our study shows that there is a wide gap between the abstracti...
Added 20 Dec 2011
Updated 20 Dec 2011
Type Journal
Year 2011
Where ESORICS
Authors Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Eui Chul Richard Shin, Dawn Song