Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud

This article presents a cloud-based framework that thwarts the DOM-based XSS vulnerabilities caused due to the injection of advanced HTML5 attack vectors in the HTML5 web applications. Initially, the framework collects the key modules of web application, extracts the suspicious HTML5 strings from the latent injection points and performs the clustering on such strings based on their level of similarity. Further, it detects the injection of malicious HTML5 code in the script nodes of DOM tree by detecting the variation in the HTML5 code embedded in the HTTP response generated. Any variation observed will simply indicate the injection of suspicious script code. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment on the Google Chrome extension. The experimental evaluation of our framework was performed on the platform of real world HTML5 web applications deployed in the cloud platform.

MoreLess

Year of publication:	2017
Authors:	Gupta, B.B. ; Gupta, Shashank ; Chaudhary, Pooja
Published in:	International Journal of Cloud Applications and Computing (IJCAC). - IGI Global, ISSN 2156-1826, ZDB-ID 2628467-4. - Vol. 7.2017, 1 (01.01.), p. 1-31
Publisher:	IGI Global
Subject:	Context-Sensitive Sanitization \| Cross-Site Scripting (XSS) Worms \| Document Object Model (DOM) Tree \| DOM-Based XSS Vulnerabilities \| HTML5 Web Applications

Online Resource

Check full text access |

More access options

doi.org

Check Google Scholar

In libraries world-wide (WorldCat)

In German libraries (KVK)

subito order

I need help

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/IJCAC.2017010101 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10012043367