Skip to main content
Journal Article

Moving target defense against cross-site scripting attacks (Position paper)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2015) 8930 85-91
DOI: 10.1007/978-3-319-17040-4_6
7Citations
Citations of this article
6Readers
Mendeley users who have this article in their library.
Get full text

Abstract

We present a new method to defend against cross-site scripting (XSS) attacks. Our approach is based on mutating symbols in the JavaScript language and leveraging commonly used load-balancing mechanisms to deliver multiple copies of a website using different versions of the JavaScript language. A XSS attack that injects unauthorized JavaScript code can thus be easily detected. Our solution achieves similar benefits in XSS protection as Content Security Policy (CSP), a leading web standard to prevent cross site scripting, but can be much more easily adopted because refactoring of websites is not required.

Author supplied keywords

Cite

CITATION STYLE

APA

Portner, J., Kerr, J., & Chu, B. (2015). Moving target defense against cross-site scripting attacks (Position paper). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8930, 85–91. https://doi.org/10.1007/978-3-319-17040-4_6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free