Auditing Defense against XSS Worms in Online Social Network-Based Web Applications

Pooja Chaudhary (National Institute of Technology Kurukshetra, India), Shashank Gupta (National Institute of Technology Kurukshetra, India) and B. B. Gupta (National Institute of Technology Kurukshetra, India)
DOI: 10.4018/978-1-5225-0105-3.ch010

Users of Online Social Networks (OSNs) are often unfamiliar with the cyber security threats that arise in such networks, including Cross-Site Scripting (XSS) worms, Distributed Denial of Service (DDoS) attacks and phishing. Numerous defensive methodologies exist for mitigating DDoS attacks and phishing on OSNs; however, no robust defensive solution has yet been proposed that eliminates XSS worms from such networks. This chapter discusses recent incidents of XSS attacks on OSN platforms. A high-level taxonomy of XSS worms is presented to explain precisely how they are exploited on OSN applications such as Facebook, Twitter and LinkedIn. We also discuss the key contributions of current defensive solutions against XSS attacks on existing OSN platforms. Based on this study, we identify the performance issues of these existing solutions and recommend directions for future research.
1. Introduction to Online Social Networks (OSN)

The use of Online Social Networks (OSN) [Fire et. al. (2014), Haddon et. al. (2011)] has grown abruptly, since such networks have entered people's daily routine as virtual gathering places that ease communication. With the spread of smartphones and other digital devices, the usage of OSN-based Web applications (such as Facebook [Facebook, (2013)], Twitter [Twitter, (2014)] and LinkedIn [LinkedIn, (2014)]) has increased tremendously since the arrival of Web 2.0. Such Web applications serve hundreds of millions of daily active users. Figure 1 shows the statistics for the different communities of online users in OSNs, i.e. their popularity among Internet users. An OSN provides users with a virtual place for sharing information such as relationship status, qualifications, date of birth and much more. Users establish new social connections with their loved ones and re-establish lost ones; in other words, OSNs facilitate socialization. Users interact with each other through posts, messages, photos and videos. Facebook is the most popular OSN site, with 1.23 billion active users [Haddon, (2011), Facebook (2014)]. Other popular OSN-based Web sites are Google+ with 200+ million active users [Google+, (2014)], Twitter with more than 160 million users [Twitter, (2014)] and LinkedIn with more than 150 million users [LinkedIn, (2014)].

Figure 1.

Popularity of OSNs among users

Because OSN sites are deeply embedded in people's daily lives, protecting the privacy of their personal information is a challenging task for developers and researchers. Users' information may be used by the OSN operator and by commercial companies to learn user preferences and to target advertisements and products, which leads to violations of users' privacy and security. According to figures released by Facebook in December 2013 [Facebook, (2014)], Facebook had 556 million daily active users on mobile devices, an increase of 49% year on year. OSN usage is popular not only among adults but also among teenagers.

According to a survey of 25,000 participants in 25 European countries [Haddon, (2011)], 60% of children aged 9-16 use OSN sites daily, and 59% of them maintain a personal profile on at least one OSN site (26% of 9-10 year olds, 49% of 11-12, 73% of 13-14 and 89% of 15-16). In addition, 30% of the children surveyed maintained a social connection with a person they had never met in person, 9% reported meeting in person someone they knew only through an OSN, 9% reported that their personal information had been misused, 21% had encountered harmful user-generated content, and 6% reported receiving malicious messages on the Internet. Figure 2 shows how OSN use affects young children and teenagers and leads to the misuse and exposure of personal information.

Figure 2.

Harmful effects of OSN Web applications on young children and teenagers

1.1 Taxonomy of OSN Attacks

This sub-section presents the taxonomy of OSN attacks shown in Figure 3. Because of the massive popularity of OSN Web applications, they have become a prime target for attackers launching many kinds of attacks. The major classes include malware, phishing, spamming and XSS, alongside newer attacks such as clickjacking, de-anonymization, fake identities, identity cloning, inference attacks, information and location leakage, and socware.

Figure 3.

Taxonomy of OSN attacks

Key Terms in this Chapter

Content Spoofing: An injection vulnerability in which an attacker uses non-scripting methods (for example, injected HTML or text) to insert attacker-controlled content into a Web application so that it appears to users as legitimate content of the site.

Encryption: Converting readable text (plaintext) into an unreadable form (ciphertext) with a cryptographic algorithm and a key, so that only holders of the corresponding key can recover the original text.

Spamming: Sending unsolicited messages, such as advertisements, to users in bulk, interrupting them or flooding their inboxes and feeds.

Server: Any machine that serves client requests by providing the requested resource.

Asynchronous JavaScript and XML (AJAX): A set of Web development techniques, built on JavaScript, the XMLHttpRequest API and data formats such as XML or JSON, that lets a page exchange data with the server asynchronously and update itself on the client side without a full page reload.

Cross Site Request Forgery (CSRF): An attack in which a malicious Web site causes the victim's browser to send a request to a legitimate Web site on which the victim is authenticated, so that an action the victim never intended is performed with the victim's privileges.

Polymorphic Worm: A worm that changes its code (for example by re-encoding or re-ordering its payload) at each propagation step while keeping its semantics intact, in order to evade signature-based detection.

De-Anonymization: Users adopt pseudonyms on social networking sites to hide their real identity from other users. De-anonymization is an attack that combines information such as session cookies, network topology and group membership to reveal a pseudonymous user's real identity.

Virus: Self-replicating code that attaches itself to legitimate programs or files and performs harmful actions when executed, such as taking control of the user's computer or crashing it.

Web Browser: Software used to retrieve and present information resources on the WWW; a resource is identified and retrieved by its URL.

Clickjacking: Also called a user interface (UI) redress attack. The attacker overlays or hides a page element (for example, in a transparent iframe) so that the user, believing they are clicking on something harmless, actually clicks on a control that triggers an unintended action or discloses confidential information.

Drive-by-Download Attack: A malware delivery technique in which malicious code is downloaded and installed on the user's computer merely by visiting a compromised or malicious Web page, typically by exploiting a browser or plugin vulnerability; in some variants the user is first lured into clicking a pop-up. The installation happens without the user's awareness.

Spyware: Malicious software that collects user information without the user's knowledge, usually installed by tricking the user into installing a program that carries it.

Sanitization: A method similar to filtering in which user-generated data is validated and encoded according to rules defined by the context in which the data will be placed (HTML body, attribute, URL, JavaScript string, etc.). It removes or neutralizes malicious data before it reaches the Web application's output.

SQL Injection: An injection vulnerability in which attacker-supplied input is interpreted as part of a SQL statement, allowing malicious SQL commands to be executed against the database.

Insufficient Authorization: Occurs when a Web application fails to check properly that a user is permitted to perform a requested action or access a requested resource under the defined policy.

Parse Tree: An ordered, rooted tree that represents the syntactic structure of an HTML document. The browser builds it from the document received from the server in order to render and process the page.

Same Origin Policy (SOP): A browser policy under which script running in one Web page may access data (DOM, cookies, responses) belonging to another page only if both have the same origin, i.e. the same scheme, host and port.

Cookie: A small piece of text set by the Web server in an HTTP response (Set-Cookie header) and returned by the browser with subsequent requests to that site. Web sites use cookies to keep stateful information about the user, most importantly the session identifier that represents a logged-in user; an attacker who steals a session cookie can act as that user.

Malicious Code: Code that looks legitimate but performs unwanted actions with harmful effects such as data leakage.

Malware: Malicious software or programs designed to disrupt a computer, take control of it, or collect sensitive information such as login details. Examples are viruses, Trojan horses and network worms.

Web Server: A machine (or a group of machines working together) that processes clients' HTTP requests and generates the response Web pages.

Spoofing: A condition in which an attacker masquerades as another legitimate user or system in order to perform illegal activity.

Session Hijacking: Occurs when an attacker exploits a weakness in a Web application's session management to obtain a user's session identifier (for example, by stealing the session cookie through XSS or by eavesdropping from a man-in-the-middle position) and thereby takes control of that user's session.

Socialbots: Fake identities, operated by software, that mimic legitimate user behaviour to gain other users' trust and then harvest their sensitive information.

Client: Any device or person that sends requests to access a resource on the Internet and receives the response from the server.

Address Resolution Protocol (ARP): A protocol used on a local network to map an IP address (network address) to the hardware (MAC) address of a particular computer.

Hyper Text Markup Language (HTML): The language used to create Web documents. It uses markup tags to specify the elements of the document.

JavaScript: A scripting language, executed by the browser, used to make Web applications dynamic.

HTTP Response: The message, typically carrying a Web page, sent back by the server in reply to a client's HTTP request.

Denial-of-Service (DoS) Attack: An attack in which a machine or network resource is made unavailable to its intended users, for example by flooding it with requests, so that the host is temporarily cut off from the network.

Uniform Resource Locator (URL): An address that identifies and locates a resource on the Internet.

Inference Attack: An attack in which a user's sensitive information is inferred from data the user has disclosed, typically by applying data mining techniques to predict attributes the user did not reveal.

Cross Site Scripting (XSS): An injection vulnerability found in many Web applications in which attacker-supplied scripting code is inserted into pages served to other users and executed in their browsers, typically to steal sensitive information such as session cookies and tokens or to perform actions on the victim's behalf (the mechanism by which an XSS worm spreads).

Hyper Text Transfer Protocol (HTTP): The application-layer protocol for distributed hypermedia information systems that is used to transfer hypertext data over the WWW.

Information Leakage: Many users willingly share personal data on social networking sites with their friends. This information may be used by other parties for their own benefit; for example, an insurance company could use health-related data in its decisions.

Insufficient Session Expiration: Occurs when a Web site allows old session credentials to be reused, so that an attacker who obtains them can access the user's account; this widens the site's exposure to attacks that steal the user's sensitive information.

Web Application: An application that runs on a client-server architecture, where the client makes requests through a browser.

Victim: Any user who is affected by a cyber-attack or infected by a worm.

Identity Clone Attack: An attack in which the attacker replicates a user's identity, either on the same network or on another one, and uses the clone to deceive the user's friends into establishing a relationship with the attacker.

Content Security Policy (CSP): A browser-enforced security mechanism in which the server declares, through the Content-Security-Policy HTTP header, which sources of scripts and other content a page may load and whether inline scripts may run. It acts as an additional layer of defence that detects and mitigates code injection attacks such as XSS.

HTTP Request: A request sent by the client to access a resource on the server using the HTTP protocol.

World Wide Web (WWW): An information space in which Web pages are identified by URLs and contain hyperlinks to other Web pages.

Location Leakage: Many users reveal their location on OSN sites; stalkers may use this information to harm the user.

Hyperlink: A reference on a Web page that, when clicked, takes the user to other data or to another Web page.

Socware: Malicious content that spreads through posts and messages from friends on social networking sites. It lures the user into installing a malicious application, which then sends malicious posts and messages to the user's friends on the user's behalf.

Attacker: Any person who performs illegal activities on the Internet (i.e. launches cyber-attacks) for their own benefit, for example hijacking financial accounts to steal money.
