| Paper Abstract and Keywords |
| Presentation |
2005-01-19 09:30
Alarm Aggregation Architecture for Identifying One Way XSS Attacks
Omar Ismail, Masashi Etoh, Youki Kadobayashi, Suguru Yamaguchi (NAIST) |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
Cross-Site Scripting(XSS) is caused by the failure of web applications to properly
validate user input before returning it to the client’s web browser. Although
some approahes exist for defending against XSS attacks, XSS vulnerabilities continue
to appear in web applications. These weakness, which often result from
poorly developed web applications and data processing systems, allows attackers
embedding maliciuos HTML-based contents, such as JavaScripts, within HTTP
requests or response message. Through embedding HTML code and scripting elements,
it is possible to steal session ID information, thus resulting in the leakage
of privacy information.
The classic XSS attacks envolves social engineering to trick the victims to
click on a link that created by malicious user to stole user’s cookie information.
Actually, a victim doesn’t necessarily have to click on a link; XSS code can also
be made to load automatically in an HTML e-mail with certain manipulations of the IMG or IFRAME HTML tags,etc,. We call this the one way XSS attack.
We propose a system that not only detects and collects XSS attacks related
information but also identify the potential XSS attack codes. This system detects
and more importantly identify new type of XSS attacks by manipulating HTTP
server response.The system also shares the collected vulnerability information via
central repository. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
Cross-Site Scripting / Aggregation / Web Application Security / / / / / |
| Reference Info. |
IEICE Tech. Rep., vol. 104, no. 554, IA2004-20, pp. 7-14, Jan. 2005. |
| Paper # |
IA2004-20 |
| Date of Issue |
2005-01-12 (MoMuC, IA) |
| ISSN |
Print edition: ISSN 0913-5685 |
| Download PDF |
|
| Conference Information |
| Committee |
IA MoNA |
| Conference Date |
2005-01-19 - 2005-01-19 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Osaka University Nakanoshima Center |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
Fusion of Mobile and Internet, etc. |
| Paper Information |
| Registration To |
IA |
| Conference Code |
2005-01-IA-MoMuC |
| Language |
English |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Alarm Aggregation Architecture for Identifying One Way XSS Attacks |
| Sub Title (in English) |
|
| Keyword(1) |
Cross-Site Scripting |
| Keyword(2) |
Aggregation |
| Keyword(3) |
Web Application Security |
| Keyword(4) |
|
| Keyword(5) |
|
| Keyword(6) |
|
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Omar Ismail |
| 1st Author's Affiliation |
Nara Institute of Science and Technology (NAIST) |
| 2nd Author's Name |
Masashi Etoh |
| 2nd Author's Affiliation |
Nara Institute of Science and Technology (NAIST) |
| 3rd Author's Name |
Youki Kadobayashi |
| 3rd Author's Affiliation |
Nara Institute of Science and Technology (NAIST) |
| 4th Author's Name |
Suguru Yamaguchi |
| 4th Author's Affiliation |
Nara Institute of Science and Technology (NAIST) |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| Speaker |
Author-1 |
| Date Time |
2005-01-19 09:30:00 |
| Presentation Time |
25 minutes |
| Registration for |
IA |
| Paper # |
MoMuC2004-89, IA2004-20 |
| Volume (vol) |
vol.104 |
| Number (no) |
no.553(MoMuC), no.554(IA) |
| Page |
pp.7-14 |
| #Pages |
8 |
| Date of Issue |
2005-01-12 (MoMuC, IA) |
|