Prevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side
Journal: International Journal of Advanced Computer Research (IJACR) (Vol.2, No. 5)
Publication Date: 2012-09-27
Authors : Shashank Gupta; Lalitsen Sharma; Manu Gupta; Simi Gupta;
Page : 49-54
Keywords : Cookies; HTTP; Cross-Site Scripting Attacks; Hash function;
Abstract
Cookies are a means of providing stateful communication over HTTP. On the World Wide Web (WWW), once a user's web browser has been successfully authenticated by the web server of a web application, the web server generates a cookie and transfers it to the web browser. Each time the user sends a further request to the web server as part of the active connection, the request has to include the corresponding cookie, so that the web server can associate the cookie with the corresponding user. Cookies are the mechanism that maintains the authentication state between the user and the web application, and are therefore possible targets for attackers. A Cross-Site Scripting (XSS) attack is one such attack against web applications, in which the resources of the user's browser (e.g. cookies) are compromised. This paper introduces a novel technique, called the Dynamic Hash Generation Technique, whose aim is to make cookies worthless to attackers. The technique is implemented on the server side; its main task is to generate a hash of the value of the name attribute in the cookie and send this hash value to the web browser. With this technique, the hash value of the name attribute that is stored in the browser's database is not valid for attackers to use in exploiting XSS vulnerabilities.
Last modified: 2014-11-25 18:07:26