Abstract
Cross-site scripting (XSS) vulnerabilities make it possible for worms to spread quickly to a broad range of users on popular Web sites. To date, the detection of XSS worms has been largely unexplored. This paper proposes the first purely client-side solution to detect XSS worms. Our insight is that an XSS worm must spread from one user to another by reconstructing and propagating its payload. Our approach prevents the propagation of XSS worms by monitoring outgoing requests that send self-replicating payloads. We intercept all HTTP requests on the client side and compare them with currently embedded scripts. We have implemented a cross-platform Firefox extension that is able to detect all existing self-replicating XSS worms that propagate on the client side. Our test results show that it incurs low performance overhead and reports no false positives when tested on popular Web sites. © 2009 Springer Berlin Heidelberg.
Author supplied keywords
Cite
CITATION STYLE
Sun, F., Xu, L., & Su, Z. (2009). Client-side detection of XSS worms by monitoring payload propagation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5789 LNCS, pp. 539–554). https://doi.org/10.1007/978-3-642-04444-1_33
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
