Analysis of XSS attack Mitigation techniques based on Platforms and Browsers

Authors

Ravi Kanth Kotha, Gaurav Prasad and Dinesh Naik, National Institute of Technology, India

Abstract

In recent years, everything has moved to the web, whether it is an organization’s administration software, a custom ERP application, employee portals or real estate portals. Social networking sites such as Facebook, Twitter and MySpace, which are web applications, are used by millions of users around the world. Web applications have therefore become very popular among users, and hence they are observed and may be exploited by hackers. Researchers and industry experts state that Cross-site Scripting (XSS) is one of the topmost vulnerabilities in web applications. Cross-site scripting has become a common vulnerability of many web sites and web applications. XSS consists of the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed in the web browser of the victim. According to OWASP, cross-site scripting attacks on web applications have experienced an important rise in recent years. This demands an efficient approach on the server side to protect the users of the application, as the reason for the vulnerability primarily lies on the server side. The actual exploitation takes place within the victim’s web browser on the client side. Therefore, an operator of a web application has only very limited evidence of XSS issues. There are many solutions for this vulnerability, but such techniques may degrade the performance of the system. In such scenarios the challenge is to decide which method, platform, browser and middleware can be used to overcome the vulnerabilities with reasonable performance overhead to the system. Inspired by this problem, we present a performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side, based on parameters such as the application’s platform, the middleware technology and the browser used by the end user. We implemented the mitigation parsing technique using database and the replace technique on different platforms and middleware and checked their performance.
We calculated the time taken by different browsers to render the pages using the two techniques under different platforms and middleware. In this paper we propose the best combination of development platform, browser and middleware for the two mitigation techniques with respect to developers and end users.

Keywords

Parsing mitigation technique, replace technique, XSS attack, platform, middleware, browser, Java, C#.

Full Text  Volume 2, Number 2