Streamlined security framework for defence against XSS attacks targeted at HTML5


Bibliographic Details
Main Author: Cheng, Chi Chung.
Other Authors: School of Computer Engineering
Format: Final Year Project
Language: English
Published: 2012
Online Access:http://hdl.handle.net/10356/48806
Institution: Nanyang Technological University
Description
Summary: With the introduction of HTML5 and its new features, which include a new application programming interface (API), HTML5 offers advantages in increasing interoperability and reducing development costs by laying down precise rules for handling all HTML elements and errors. While HTML5 is still undergoing mainstream adoption, web applications that incorporate HTML5 features, such as the enhanced communication between origins on both the server and the client, have become more exposed to pervasive browser-based attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection. This report presents a server-client collaborative framework, Script-Key, for detecting and preventing cross-site attacks, thereby assisting in the development of XSS-free web applications based on HTML5.

Script-Key aims to be fast, developer friendly (the developer does not need to modify the web application's code) and backwards compatible. The Script-Key framework is implemented and evaluated in Mozilla Firefox and the Apache web server. In simulated tests, Script-Key successfully detects and prevents a range of XSS attacks while imposing negligible overhead on both the server and the client side, with no negative side-effects on the user's overall web browsing experience.