XSSDS: Server-Side Detection of Cross-Site Scripting Attacks

Authors: Martin Johns, Björn Engelmann, Joachim Posegga
Published in: 2008 Annual Computer Security Applications Conference (ACSAC)

Cross-site scripting (XSS) has emerged as one of the most prevalent types of security vulnerabilities. While the reason for the vulnerability primarily lies on the server side, the actual exploitation is within the victim's Web browser on the client side. Therefore, an operator of a Web application has only very limited evidence of XSS issues. In this paper, we propose a passive detection system to identify successful XSS attacks. Based on a prototypical implementation, we examine our approach's…
This paper has 90 citations.


Semantic Scholar estimates that this publication has 91 citations based on the available data.



Publications referenced by this paper.

IE 8 XSS filter architecture/implementation

  • D. Ross
  • [online], http://blogs.technet.com/swi/archive…
  • 2008

rbnarcissus

  • P. Sowden
  • Software, http://code.google.com/p/rbnarcissus/ (04/01/08)
  • 2008

Jspwiki multiple vulnerabilities

  • J. Kratzer
  • Posting to the Bugtraq mailing list, http://seclists.org/bugtraq/2007/Sep/0324.html
  • 2007

Vulnerability type distributions in CVE, version 1.1

  • S. Christey, R. A. Martin
  • [online], http://cwe.mitre.org/documents/vuln…
  • 2007

NoScript Firefox extension

  • G. Maone
  • Software, http://www.noscript.net/whats
  • 2006
