Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud

B. B. Gupta, Shashank Gupta, Pooja Chaudhary
ISBN13: 9781522534228|ISBN10: 1522534229|EISBN13: 9781522534235
DOI: 10.4018/978-1-5225-3422-8.ch009
MLA

Gupta, B. B., et al. "Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud." Application Development and Design: Concepts, Methodologies, Tools, and Applications, edited by Information Resources Management Association, IGI Global, 2018, pp. 216-247. https://doi.org/10.4018/978-1-5225-3422-8.ch009

APA

Gupta, B. B., Gupta, S., & Chaudhary, P. (2018). Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud. In I. Management Association (Ed.), Application Development and Design: Concepts, Methodologies, Tools, and Applications (pp. 216-247). IGI Global. https://doi.org/10.4018/978-1-5225-3422-8.ch009

Chicago

Gupta, B. B., Shashank Gupta, and Pooja Chaudhary. "Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud." In Application Development and Design: Concepts, Methodologies, Tools, and Applications, edited by Information Resources Management Association, 216-247. Hershey, PA: IGI Global, 2018. https://doi.org/10.4018/978-1-5225-3422-8.ch009

Abstract

This article presents a cloud-based framework that thwarts DOM-based XSS vulnerabilities caused by the injection of advanced HTML5 attack vectors into HTML5 web applications. Initially, the framework collects the key modules of the web application, extracts the suspicious HTML5 strings from the latent injection points, and clusters these strings based on their level of similarity. It then detects the injection of malicious HTML5 code into the script nodes of the DOM tree by detecting variation in the HTML5 code embedded in the generated HTTP response. Any variation observed indicates the injection of suspicious script code. The prototype of our framework was developed in Java and installed on the Google Chrome extension in the virtual machines of a cloud environment. The experimental evaluation of our framework was performed on real-world HTML5 web applications deployed on the cloud platform.
