Designing a XSS Defensive Framework for Web Servers Deployed in the Existing Smart City Infrastructure
- 1 October 2020
- journal article
- research article
- Published by IGI Global in Journal of Organizational and End User Computing
- Vol. 32 (4), 85-111
- https://doi.org/10.4018/joeuc.2020100105
Abstract
Cross-site scripting is one of the notable exceptions affecting almost every web application. Hence, this article proposes a framework to negate the impact of the XSS attack on web servers deployed in one of the major applications of the Internet of Things (IoT), i.e., the smart city environment. The proposed framework implements two approaches: first, it executes vulnerable flow tracking for filtering injected malicious scripting code in dynamic web pages. Second, it performs trusted remark generation and validation for unveiling any suspicious activity in static web pages. Finally, the filtered and modified webpage is interfaced to the user. The prototype of the framework has been evaluated on a suite of real-world web applications to assess its XSS attack mitigation capability. The performance analysis of the framework has revealed that this framework recognizes XSS worms with very low false positives, false negatives and acceptable performance overhead as compared to existing XSS defensive methodologies.
This publication has 28 references indexed in Scilit:
- Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment. Procedia Technology, 2016
- Auditing Defense against XSS Worms in Online Social Network-Based Web Applications. Published by IGI Global, 2016
- Smart City Security Issues: Depicting Information Security Issues in the Role of an Urban Environment. Published by Institute of Electrical and Electronics Engineers (IEEE), 2014
- Issues of Privacy and Security in the Role of Software in Smart Cities. Published by Institute of Electrical and Electronics Engineers (IEEE), 2013
- Towards fully automatic placement of security sanitizers and declassifiers. ACM SIGPLAN Notices, 2013
- JSand. Published by Association for Computing Machinery (ACM), 2012
- SCRIPTGARD. Published by Association for Computing Machinery (ACM), 2011
- Availability state transition model. ACM SIGSOFT Software Engineering Notes, 2011
- XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks. Lecture Notes in Computer Science, 2008
- Privacy, Risk Perception, and Expert Online Behavior. Journal of Organizational and End User Computing, 2006