Home // International Journal On Advances in Software, volume 11, numbers 3 and 4, 2018 // View article

Protecting Against Reflected Cross-Site Scripting Attacks

Authors:
Pål Ellingsen
Andreas Svardal Vikne

Keywords: Cross-site scripting protection; input filtering; soft- ware security; injection attacks.

Abstract:
One of the most dominant threats against web applica- tions is the class of script injection attacks, also called cross-site scripting. This class of attacks affects the client-side of a web application, and is a critical vulnerability that is difficult to both detect and remediate for websites, often leading to insufficient server-side protection, which is why the end-users need an extra layer of protection at the client-side, utilizing the defense in depth strategy. This paper discusses a client-side filter for Mozilla Firefox that protects against Reflected cross-site scripting attacks, while maintaining high performance. By conducting tests on the implemented solution, the conclusion is that the filter does provide more protection than the original Firefox version, at the same time achieving high performance, which with only some further improvements would become an effective option for end-users of web applications to protect themselves against Reflected cross-site scripting attacks.

Pages: 418 to 439

Copyright: Copyright (c) to authors, 2018. Used with permission.

Publication date: December 30, 2018

Published in: journal

ISSN: 1942-2628