DOM-based XSS Attacks
- 1,001 views
Concerning the matter of modern Internet Security, we are obliged to understand the meaning and proper utilization of Web Application Security and Web Services Security. ...
Concerning the matter of modern Internet Security, we are obliged to understand the meaning and proper utilization of Web Application Security and Web Services Security.
In this paper, we discuss one of the recent and misunderstood problems, related to Web Application Security.
In distinction to the standard Web Application Cross-Site Scripting Attack Vector, DOM-based XSS conveys a way to inject malicious payload on Layer 7 ISO/OSI Model on the client-side implementation of the Web-Application logic. Precisely, DOMXSS represents a subclass of this dominant Web Application Attack Vector – XSS.
Therefore, we observe the comprehensive environmental aspects of DOMXSS; we divide them in two layers – Programming environment, which concerns the DOM Abstraction Model, Web-Application coding language and the rendering engine of the Web client (Web-Browser); and Implementation environment – the Web Application programming logic and source code.
Because of the fact, that this subclass, should be still considered as misapprehended and consequentially – systematically avoided by the security and scientific communities, the main objectives of this project thesis are: proposing and evaluating of related categorizations and meta-model, demonstration of case studies and sanitization best practices, and further propositions across the problem – DOM-based XSS attacks.
- Total Views
- Views on SlideShare
- Embed Views