Home // SOFTENG 2018, The Fourth International Conference on Advances and Trends in Software Engineering // View article

Client-Side XSS Filtering in Firefox

Authors:
Pål Ellingsen
Andreas Vikne

Keywords: cross-site scripting; client-side filtering; web browser protection

Abstract:
One of the most dominant threats against Web appli- cations is the class of script injection attacks, also called cross-site scripting. This class of attacks affects the client-side of a Web application, and is a critical vulnerability that is difficult to both detect and remediate for website owners, often leading to insufficient server-side protection, which is why the end-users need an extra layer of protection at the client-side, utilizing the defense in depth principle. In this paper, a client-side filter for Mozilla Firefox is presented, with the goal of protecting against reflected cross-site scripting attacks while maintaining high performance. By conducting tests on our implemented solution, although still in an early phase, we can conclude that our filter does provide more protection than the original Firefox browser, at the same time achieving high performance, which with further development would become an effective option for end-users of Web applications to protect themselves against reflected cross-site scripting attacks.

Pages: 24 to 29

Copyright: Copyright (c) IARIA, 2018

Publication date: April 22, 2018

Published in: conference

ISSN: 2519-8394

ISBN: 978-1-61208-632-3

Location: Athens, Greece

Dates: from April 22, 2018 to April 26, 2018