Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment. (2016)
- Record Type:
- Journal Article
- Title:
- Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment. (2016)
- Main Title:
- Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment
- Authors:
- Gupta, Shashank
Gupta, B.B. - Abstract:
- Abstract: To thwart the virtual machines from being a victim of XSS attacks on the cloud computing environment, this paper presents an enhanced XSS defensive methodology for the cloud platforms. This framework initially scans the HTTP requests for the embedded URI links that points towards the links of external JS files and which may contain malicious XSS payload. Our design also explores the HTTP response for extracting the script content and compares this content with the script content retrieved from the URI links. Any resemblance observed in both these extracted set of scripts would be considered as malicious XSS worm. The testing and evaluation of our framework was done on tested bed of real world web applications by injecting the XSS attack payloads on their vulnerable injection points. Evaluation results revealed that our framework detects the XSS attack vectors with fewer rates of false negatives and false positives.
- Is Part Of:
- Procedia technology. Volume 24(2016)
- Journal:
- Procedia technology
- Issue:
- Volume 24(2016)
- Issue Display:
- Volume 24, Issue 2016 (2016)
- Year:
- 2016
- Volume:
- 24
- Issue:
- 2016
- Issue Sort Value:
- 2016-0024-2016-0000
- Page Start:
- 1595
- Page End:
- 1602
- Publication Date:
- 2016
- Subjects:
- Cloud Computing -- Cloud Security -- Virtual Machines -- Cross-Site Scripting (XSS) Worms -- URI Links.
Technology -- Congresses
Technology -- Periodicals
Engineering -- Congresses
Engineering -- Periodicals
Engineering
Technology
Conference proceedings
Periodicals
605 - Journal URLs:
- http://www.sciencedirect.com/science/journal/22120173 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.protcy.2016.05.152 ↗
- Languages:
- English
- ISSNs:
- 2212-0173
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2229.xml