Abstract
Cross-Site Scripting (XSS) is one of the most dangerous and highest-ranked web attacks, as stated by recent surveys. An XSS vulnerability arises when an application deployed in a cloud accepts information from an untrusted origin without input validation, allowing the execution of dynamic content. XSS vulnerabilities may cause serious security violations in web and mobile cloud-based applications. In general, Cross-Site Scripting bugs are very easy to exploit but hard to discover and mitigate, because the flexibility of encoding schemes such as HTML encoding offers the adversary numerous chances to bypass the filters that should block dangerous content from being inserted into trusted websites. To mitigate XSS vulnerabilities of a web application in the mobile cloud, a novel approach is presented that successfully identifies JavaScript-driven XSS attacks. In addition, we focus on introducing a client-side Cross-Site Scripting attack discovery and mitigation technique, known as the Secure XSS layer, based on the placement of sanitizers in the inserted malicious code.
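The abstract's point about HTML encoding defeating filters, as an added example (not code from the paper, and not its Secure XSS layer): a blocklist that matches raw input misses entity-encoded forms, while one that canonicalizes first catches them, and output encoding neutralizes the markup regardless. All function names and sample strings are constructed for illustration.

```javascript
// Constructed example: canonicalize HTML-encoded input before filtering it.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", colon: ":" };
const fromCp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\uFFFD");

// Decode numeric and a few named entities; repeat to undo nested encoding.
function decodeEntities(input, maxRounds = 5) {
  let current = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = current
      .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCp(parseInt(h, 16)))
      .replace(/&#(\d+);?/g, (_, d) => fromCp(parseInt(d, 10)))
      .replace(/&([a-z]+);/gi, (m, n) => NAMED[n.toLowerCase()] ?? m);
    if (next === current) break; // stable: nothing left to decode
    current = next;
  }
  return current;
}

const BLOCKED = /<script\b|javascript:/i;

// Weak filter: inspects only the raw characters it was handed.
function naiveFilter(input) { return BLOCKED.test(input); }

// Stronger filter: decode entities and drop tab/CR/LF/NUL, then match.
function canonicalFilter(input) {
  return BLOCKED.test(decodeEntities(input).replace(/[\t\n\r\0]/g, ""));
}

// Output encoding for an HTML text context: safe whatever the filter decided.
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) { return s.replace(/[&<>"']/g, (c) => ESC[c]); }

// Constructed sample inputs (not taken from the paper).
const SAMPLES = [
  "Hello, world",                 // benign
  "<script>alert(1)</script>",    // plain form, caught by both filters
  "&#106;avascript:alert(1)",     // decimal entity for "j"
  "&#x6A;avascript:alert(1)",     // hex entity for "j"
  "&amp;#106;avascript:alert(1)", // double-encoded, matters if decoded twice
];

function audit(samples) {
  return samples.map((s) => ({ input: s, naive: naiveFilter(s), canonical: canonicalFilter(s) }));
}

console.log(audit(SAMPLES));
```

The blocklist here is deliberately minimal; the comparison between the two filters is the point, not the pattern's coverage.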
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Madhusudhan, R., Shashidhara (2019). Mitigation of Cross-Site Scripting Attacks in Mobile Cloud Environments. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_6
DOI: https://doi.org/10.1007/978-981-13-5826-5_6
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5825-8
Online ISBN: 978-981-13-5826-5
eBook Packages: Computer Science, Computer Science (R0)