Journal: International Journal of Innovative Research in Computer and Communication Engineering
Print ISSN: 2320-9798
Electronic ISSN: 2320-9801
Publication year: 2013
Volume: 1
Issue: 10
Publisher: S&S Publications
Abstract: The rapid growth of the internet resulted in feature-rich and dynamic web applications. This increase in features also introduced completely underestimated attack vectors. Cross-site scripting attacks, SQL injection and malicious file execution are the most dominant classes of web vulnerabilities reported by OWASP 2011. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts which do not sanitize user input. Several server-side countermeasures for XSS attacks do exist, but such techniques have not been universally applied because of their deployment overhead. The existing client-side solutions degrade the performance of the client’s system, resulting in a poor web surfing experience. This paper presents an automata-based symbolic string analysis called XHunter for automatic verification of string-manipulating programs. We compute the pre- and post-conditions of common string functions using deterministic finite automata (DFAs). Experimental results show that this approach finds a large number of malicious attacks in web applications.