
Performance Comparison of XSS Mitigations based on Platform and Browsers

Ravi Kanth Kotha, Dinesh Naik, Gaurav Prasad

Information Technology, National Institute of Technology Karnataka

Abstract: In recent years, everything is on the web, whether it is an organization's administration software, a custom ERP application, employee portals or real estate portals. Social networking sites such as Facebook, Twitter and MySpace are web applications used by millions of users around the world. Hence they are observed and may be exploited by hackers. Researchers and industry experts state that Cross-site Scripting (XSS) is one of the topmost vulnerabilities in web applications. XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed in the web browser of the victim. According to OWASP, cross-site scripting attacks on web applications have experienced an important rise in recent years. This demands an efficient approach on the server side to protect the users of the application. While the reason for the vulnerability primarily lies on the server side, the actual exploitation is within the victim's web browser on the client side. Therefore, an operator of a web application has only very limited evidence of XSS issues. There are many solutions for this vulnerability, but such techniques may degrade the performance of the system. In such scenarios, the challenge is to decide which method, platform, browser and middleware can be used to overcome the vulnerability with reasonable performance overhead to the system. Motivated by this problem, we present a performance comparison of two mitigation techniques for Cross-site Scripting (XSS) at the server side based on parameters such as the application's platform, middleware technology and the browser used by the end user. We implemented the mitigation PARSING technique using a database and the REPLACE technique on different platforms and middleware and checked their performance. We calculated the time taken by different browsers to render the pages using the two techniques under different platforms and middleware. In this paper we propose the best combination of development platform, browser and middleware for the two mitigation techniques with respect to developers and end users.
Conference name:

2012 International Conference on Security Science and Technology (ICSST 2012)

Conference date:

2012-03-10

Conference location:

Hong Kong, China

  • Collection:

    Electronic Technology and Information Science

  • Topic:

    Internet Technology

  • Classification number:

    TP393.092

Downloads: 24 Pages: 64-69 Page count: 6 Size: 294k
