Protecting Against Reflected Cross-Site Scripting Attacks
Journal article, Peer reviewed
Published version
View/ Open
Date
2018Metadata
Show full item recordCollections
Original version
Ellingsen, P., & Vikne, A. S. (2018). Protecting against reflected cross-site scripting attacks. International Journal On Advances in Software, 11, 418-439.Abstract
One of the most dominant threats against web applications is the class of script injection attacks, also called cross-site scripting. This class of attacks affects the client-side of a web application, and is a critical vulnerability that is difficult to both detect and remediate for websites, often leading to insufficient server-side protection, which is why the end-users need an extra layer of protection at the client-side, utilizing the defense in depth strategy. This paper discusses a client-side filter for Mozilla Firefox that protects against Reflected cross-site scripting attacks, while maintaining high performance. By conducting tests on the implemented solution, the conclusion is that the filter does provide more protection than the original Firefox version, at the same time achieving high performance, which with only some further improvements would become an effective option for end-users of web applications to protect themselves against Reflected cross-site scripting attacks.