Streamlined security framework for defence against XSS attacks targeted at HTML5
With the introduction of HTML5 and its new features which include a new application programming interface (API), HTML5 offers advantages in increasing interoperability and reducing development costs by making precise rules on handling all HTML elements and errors. While HTML5 is still undergoing mai...
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | 2012 |
Subjects: | |
Online Access: | http://hdl.handle.net/10356/48806 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-48806 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-488062023-03-03T20:23:39Z Streamlined security framework for defence against XSS attacks targeted at HTML5 Cheng, Chi Chung. School of Computer Engineering Centre for Multimedia and Network Technology Wen Yonggang DRNTU::Engineering::Computer science and engineering::Data::Data encryption With the introduction of HTML5 and its new features which include a new application programming interface (API), HTML5 offers advantages in increasing interoperability and reducing development costs by making precise rules on handling all HTML elements and errors. While HTML5 is still undergoing mainstream adoption, web applications that incorporate HTML5 features such as the enhanced communication between origins in both server and client have become more vulnerable to pervasive browser-based attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL Injection. This report presents a server-client collaborative framework for detecting and preventing cross-site attacks, thus assisting the development of XSS-free web applications based on HTML5. Script-Key aims to be fast, developer friendly (without the need for the developer to modify the web application's code) and backwards compatible. The Script-Key framework is implemented and evaluated in Mozilla Firefox and the Apache web server. The Script-Key framework can successfully detect and prevent a range of XSS attacks in simulated tests while imposing negligible overhead on both the server and client side, without any negative side-effects on the user’s overall web browsing experience. Bachelor of Engineering (Computer Engineering) 2012-05-10T01:02:49Z 2012-05-10T01:02:49Z 2012 2012 Final Year Project (FYP) http://hdl.handle.net/10356/48806 en Nanyang Technological University 134 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering::Data::Data encryption |
spellingShingle |
DRNTU::Engineering::Computer science and engineering::Data::Data encryption Cheng, Chi Chung. Streamlined security framework for defence against XSS attacks targeted at HTML5 |
description |
With the introduction of HTML5 and its new features which include a new application programming interface (API), HTML5 offers advantages in increasing interoperability and reducing development costs by making precise rules on handling all HTML elements and errors. While HTML5 is still undergoing mainstream adoption, web applications that incorporate HTML5 features such as the enhanced communication between origins in both server and client have become more vulnerable to pervasive browser-based attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL Injection. This report presents a server-client collaborative framework for detecting and preventing cross-site attacks, thus assisting the development of XSS-free web applications based on HTML5. Script-Key aims to be fast, developer friendly (without the need for the developer to modify the web application's code) and backwards compatible. The Script-Key framework is implemented and evaluated in Mozilla Firefox and the Apache web server. The Script-Key framework can successfully detect and prevent a range of XSS attacks in simulated tests while imposing negligible overhead on both the server and client side, without any negative side-effects on the user’s overall web browsing experience. |
author2 |
School of Computer Engineering |
author_facet |
School of Computer Engineering Cheng, Chi Chung. |
format |
Final Year Project |
author |
Cheng, Chi Chung. |
author_sort |
Cheng, Chi Chung. |
title |
Streamlined security framework for defence against XSS attacks targeted at HTML5 |
title_short |
Streamlined security framework for defence against XSS attacks targeted at HTML5 |
title_full |
Streamlined security framework for defence against XSS attacks targeted at HTML5 |
title_fullStr |
Streamlined security framework for defence against XSS attacks targeted at HTML5 |
title_full_unstemmed |
Streamlined security framework for defence against XSS attacks targeted at HTML5 |
title_sort |
streamlined security framework for defence against xss attacks targeted at html5 |
publishDate |
2012 |
url |
http://hdl.handle.net/10356/48806 |
_version_ |
1759857896764473344 |