Please use this identifier to cite or link to this item:
Title: Streamlined security framework for defence against XSS attacks targeted at HTML5
Authors: Cheng, Chi Chung.
Keywords: DRNTU::Engineering::Computer science and engineering::Data::Data encryption
Issue Date: 2012
Abstract: HTML5 introduces new features, including a new application programming interface (API), and offers advantages in increasing interoperability and reducing development costs by defining precise rules for handling all HTML elements and errors. While HTML5 is still undergoing mainstream adoption, web applications that incorporate HTML5 features, such as the enhanced communication between origins on both server and client, have become more vulnerable to pervasive browser-based attacks such as cross-site scripting (XSS), cross-site forgery (CSRF) and SQL Injection. This report presents Script-Key, a server-client collaborative framework for detecting and preventing cross-site attacks, thus assisting the development of XSS-free web applications based on HTML5. Script-Key aims to be fast, developer friendly (without the need for the developer to modify the web application's code) and backwards compatible. The Script-Key framework is implemented and evaluated in Mozilla Firefox and the Apache web server. The Script-Key framework can successfully detect and prevent a range of XSS attacks in simulated tests while imposing negligible overhead on both the server and client side, without any negative side-effects on the user's overall web browsing experience.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
Restricted Access, Size: 3.29 MB, Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.