XSS Extenuator Framework for Exterminating Cross Site Scripting Attacks to Ensure Secure Web Access
Cross-Site Scripting (XSS) is one of the common application-layer attacks on the web. By exploiting this type of vulnerability, an attacker can carry out malicious actions such as tampering with personal information, stealing session credentials and stealing sensitive data. Although there are plenty of approaches for eradicating XSS, it is still prevalent in web applications today. There is therefore a strong demand to improve the existing methodologies and solutions, and defenders need to develop a secure mitigation technique to overcome this attack. Many approaches concentrate on either detection or protection, but this paper proposes a detective and defensive framework for extenuating XSS attacks. The new secured framework approach for web security requires the capacity and ability to detect and prevent XSS attacks. This paper considers the extenuating mechanism for the client and also includes server-side protection with an effective implementation. The client protection mechanism uses input validation and data refining techniques to efficiently detect the presence of malicious code in web pages. The proposed approaches have been applied to a proxy server in order to detect and defend against server-side attacks. The server-side approach uses the XSS Exhauster, XSS Policy Filter and XSS Defender to mitigate them. The results of the implementation show that the approach can effectively detect XSS attacks and defend against them on the server side as well as the client side, and that it acts as a complete mitigation framework for eradicating XSS vulnerabilities.
Keywords - XSS Extenuator, XSS Defender, XSS Exhauster, XSS Policy Filter, defensive framework, data refiner.