Social network usage has increased exponentially in recent years. Platforms like Facebook, Twitter, Google+, LinkedIn and Instagram, not only facilitate sharing of personal data but also connect people professionally. However, development of these platforms with more enhanced features like HTML5, CSS, XHTML and Java Script expose these sites to various vulnerabilities that may be the root cause of various threats. Therefore, social networking sites have become an attack surface for various cyber-attacks such as XSS attack and SQL Injection. Numerous defensive techniques have been proposed, yet with technology up-gradation current scenarios demand for more efficient and robust solutions.
Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures
is a comprehensive source which provides an overview of web-based vulnerabilities and explores XSS attack in detail. This book provides a detailed overview of the XSS attack; its classification, recent incidences on various web applications, and impacts of the XSS attack on the target victim. This book addresses the main contributions of various researchers in XSS domain. It provides in-depth analysis of these methods along with their comparative study. The main focus is a novel framework which is based on Clustering and Context based sanitization approach to protect against XSS attack on social network. The implementation details conclude that it is an effective technique to thwart XSS attack. The open challenges and future research direction discussed in this book will help further to the academic researchers and industry specific persons in the domain of security.
|
|
|
xiii | |
|
|
|
xvii | |
| Preface |
|
xix | |
| Acknowledgments |
|
xxiii | |
| Author Bio |
|
xxv | |
|
Chapter 1 Security Flaws in Web Applications |
|
|
1 | (28) |
|
1.1 Web Application Vulnerabilities |
|
|
1 | (10) |
|
1.1.1 Fundamentals of Web Application Architecture |
|
|
2 | (1) |
|
1.1.2 Background and Motivation |
|
|
3 | (3) |
|
|
|
6 | (5) |
|
1.2 Different Domain-Centric Web Application Vulnerabilities |
|
|
11 | (2) |
|
1.3 Comprehensive Detail of Most Dangerous Vulnerabilities |
|
|
13 | (6) |
|
1.3.1 Overview of Web Application Vulnerabilities |
|
|
15 | (1) |
|
1.3.2 Risk Path Assessment |
|
|
15 | (3) |
|
1.3.3 Mapping Vulnerabilities with Risk Rating Methods |
|
|
18 | (1) |
|
1.4 Toward Building Secure Web Applications |
|
|
19 | (5) |
|
|
|
24 | (5) |
|
|
|
25 | (4) |
|
Chapter 2 Security Challenges in Social Networking: Taxonomy and Statistics |
|
|
29 | (24) |
|
|
|
29 | (6) |
|
2.1.1 Statistics of Social Networking |
|
|
30 | (1) |
|
2.1.2 Recent Incidences on Social Networking Platform |
|
|
31 | (4) |
|
2.2 Distinct Attack Classes of Social Platform |
|
|
35 | (2) |
|
2.3 Social Network Design vs. Privacy and Security Goals |
|
|
37 | (8) |
|
2.4 Solutions to Prevent Against Social Media Attacks |
|
|
45 | (1) |
|
|
|
45 | (8) |
|
|
|
49 | (4) |
|
Chapter 3 Fundamentals of Cross-Site Scripting (XSS) Attack |
|
|
53 | (22) |
|
3.1 Overview of Cross-Site Scripting (XSS) Attack |
|
|
53 | (2) |
|
3.1.1 Steps to Exploit XSS Vulnerability |
|
|
54 | (1) |
|
3.1.2 Recent Incidences of XSS Attack |
|
|
55 | (1) |
|
3.2 Effects of XSS Attack |
|
|
55 | (2) |
|
3.3 Classification of XSS Attack |
|
|
57 | (3) |
|
3.3.1 Persistent XSS Attack |
|
|
57 | (2) |
|
3.3.2 Non-Persistent Attack |
|
|
59 | (1) |
|
3.3.3 DOM-Based XSS Attack |
|
|
60 | (1) |
|
3.4 Approaches to Defend Against XSS Attack |
|
|
60 | (8) |
|
3.4.1 Client-Side Approaches |
|
|
66 | (1) |
|
3.4.2 Server-Side Approaches |
|
|
66 | (1) |
|
3.4.3 Combinational Approaches |
|
|
66 | (1) |
|
3.4.4 Proxy-Based Approaches |
|
|
66 | (2) |
|
|
|
68 | (7) |
|
|
|
71 | (4) |
|
Chapter 4 Clustering and Context-Based Sanitization Mechanism for Defending against XSS Attack |
|
|
75 | (34) |
|
|
|
76 | (2) |
|
|
|
76 | (1) |
|
4.1.2 Access Control List (ACL) |
|
|
77 | (1) |
|
4.1.3 Context-Based Sanitization |
|
|
77 | (1) |
|
|
|
78 | (11) |
|
|
|
78 | (1) |
|
|
|
79 | (1) |
|
|
|
80 | (1) |
|
4.2.2.2 Recognition Phase |
|
|
80 | (4) |
|
|
|
84 | (5) |
|
4.3 Experimental Testing and Evaluation Results |
|
|
89 | (8) |
|
4.3.1 Implementation Details |
|
|
92 | (1) |
|
4.3.2 Categories of XSS Attack Vectors |
|
|
92 | (3) |
|
|
|
95 | (2) |
|
|
|
97 | (6) |
|
|
|
97 | (2) |
|
4.4.2 Using F-test Hypothesis |
|
|
99 | (4) |
|
4.4.3 Comparative Analysis |
|
|
103 | (1) |
|
|
|
103 | (6) |
|
|
|
105 | (4) |
|
Chapter 5 Real-World XSS Worms and Handling Tools |
|
|
109 | (16) |
|
|
|
109 | (4) |
|
5.1.1 Real-World Incidences of XSS Worm |
|
|
110 | (1) |
|
5.1.2 Case Study of the Famous Samy Worm |
|
|
111 | (2) |
|
5.2 Life Cycle of XSS Worm |
|
|
113 | (1) |
|
5.3 Categories of XSS Worm |
|
|
114 | (3) |
|
5.3.1 Exponential XSS Worm |
|
|
115 | (1) |
|
|
|
115 | (2) |
|
|
|
117 | (1) |
|
|
|
117 | (1) |
|
|
|
117 | (8) |
|
|
|
121 | (4) |
|
Chapter 6 XSS Preventive Measures and General Practices |
|
|
125 | (14) |
|
|
|
125 | (1) |
|
6.2 XSS Prevention Schemes |
|
|
126 | (5) |
|
|
|
128 | (1) |
|
|
|
128 | (2) |
|
|
|
130 | (1) |
|
6.2.4 Use Content Security Policy (CSP) |
|
|
130 | (1) |
|
|
|
131 | (1) |
|
6.3 Different Practices for Browser Security |
|
|
131 | (3) |
|
6.4 Open Research Directions |
|
|
134 | (2) |
|
|
|
136 | (3) |
|
|
|
136 | (3) |
| Index |
|
139 | |
B. B. Gupta received PhD degree from Indian Institute of Technology Roorkee, India in the area of Information and Cyber Security. He published more than 200 research papers in International Journals and Conferences of high repute including IEEE, Elsevier, ACM, Springer, Wiley, Taylor & Francis, Inderscience, etc. He has visited several countries, i.e. Canada, Japan, USA, UK, Malaysia, Australia, Thailand, China, Hong-Kong, Italy, Spain etc to present his research work. His biography was selected and published in the 30th Edition of Marquis Who's Who in the World, 2012. Dr. Gupta also received Young Faculty research fellowship award from Ministry of Electronics and Information Technology, Government of India in 2018. He is also working as principal investigator of various R&D projects. He is serving as associate editor of IEEE Access, IEEE TII, and Executive editor of IJITCA, Inderscience, respectively. At present, Dr. Gupta is working as Assistant Professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra India. His research interest includes Information security, Cyber Security, Mobile security, Cloud Computing, Web security, Intrusion detection and Phishing.
Pooja Chaudhary is currently pursuing her PhD Degree from National Institute of Technology (NIT), Kurukshetra, Haryana, India, in Information and Cyber Security area. She has completed her Master of Technology (M.Tech) degree in area of Cyber Security from National Institute of Technology (NIT), kurukshetra, Haryana, India. She has received her B.Tech degree in Computer Science and Engineering from Bharat Institute of Technology, Meerut, India, affiliated to Uttar Pradesh Technical University. Her areas of interest include Online Social Network (OSN) security, Big data analysis and security, Database security and cyber security, and Internet of Security (IoT) Security. She has published a number of research papers with various reputed publishers, i.e. IEEE, Springer, Wiley, Inderscience and so on.
Rohkem infot Taylor & Francis e-raamatute kohta