Protecting Against Reflected Cross-Site Scripting Attacks
Journal article, Peer reviewed
Published version
Permanent lenke
http://hdl.handle.net/11250/2588920Utgivelsesdato
2018Metadata
Vis full innførselSamlinger
Originalversjon
Ellingsen, P., & Vikne, A. S. (2018). Protecting against reflected cross-site scripting attacks. International Journal On Advances in Software, 11, 418-439.Sammendrag
One of the most dominant threats against web applications is the class of script injection attacks, also called cross-site scripting. This class of attacks affects the client-side of a web application, and is a critical vulnerability that is difficult to both detect and remediate for websites, often leading to insufficient server-side protection, which is why the end-users need an extra layer of protection at the client-side, utilizing the defense in depth strategy. This paper discusses a client-side filter for Mozilla Firefox that protects against Reflected cross-site scripting attacks, while maintaining high performance. By conducting tests on the implemented solution, the conclusion is that the filter does provide more protection than the original Firefox version, at the same time achieving high performance, which with only some further improvements would become an effective option for end-users of web applications to protect themselves against Reflected cross-site scripting attacks.