We present a new method to defend against cross-site scripting (XSS) attacks. Our approach is based on mutating symbols in the JavaScript language and leveraging commonly used load-balancing mechanisms to deliver multiple copies of a website using different versions of the JavaScript language. A XSS attack that injects unauthorized JavaScript code can thus be easily detected. Our solution achieves similar benefits in XSS protection as Content Security Policy (CSP), a leading web standard to prevent cross site scripting, but can be much more easily adopted because refactoring of websites is not required.
CITATION STYLE
Portner, J., Kerr, J., & Chu, B. (2015). Moving target defense against cross-site scripting attacks (Position paper). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8930, 85–91. https://doi.org/10.1007/978-3-319-17040-4_6
Mendeley helps you to discover research relevant for your work.