Reverse Proxy Based XSS filtering

K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble

Section: Review Paper, Product Type: Journal Paper
Volume 3, Issue 5, Page no. 175-180, May 2015

Online published on May 30, 2015

Copyright © K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to Cite this Paper

IEEE Style Citation: K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble, “Reverse Proxy Based XSS filtering,” International Journal of Computer Sciences and Engineering, Vol.3, Issue.5, pp.175-180, 2015.

MLA Style Citation: K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble "Reverse Proxy Based XSS filtering." International Journal of Computer Sciences and Engineering 3.5 (2015): 175-180.

APA Style Citation: K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble, (2015). Reverse Proxy Based XSS filtering. International Journal of Computer Sciences and Engineering, 3(5), 175-180.

BibTex Style Citation:
@article{Wagh_2015,
author = {K.S. Wagh and Vishal Jotshi and Harshal Dalvi and Manish Kamble},
title = {Reverse Proxy Based XSS filtering},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {5 2015},
volume = {3},
Issue = {5},
month = {5},
year = {2015},
issn = {2347-2693},
pages = {175-180},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=499},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=499
TI - Reverse Proxy Based XSS filtering
T2 - International Journal of Computer Sciences and Engineering
AU - K.S. Wagh, Vishal Jotshi, Harshal Dalvi, Manish Kamble
PY - 2015
DA - 2015/05/30
PB - IJCSE, Indore, INDIA
SP - 175-180
IS - 5
VL - 3
SN - 2347-2693
ER -

Abstract

Due to the increasing number of Web sites offering features to contribute rich content and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, a malicious user can hijack Web sessions, craft credible phishing sites and, using browser-based exploits, gain complete access to the victim's machine. Previous work towards protecting against cross-site scripting attacks suffers from various drawbacks, such as practical infeasibility of deployment due to the need for client-side modifications, inability to reliably detect all injected scripts, and complex, error-prone parameterization. In this paper, we introduce a server-side solution for detecting and preventing cross-site scripting attacks using a reverse proxy that intercepts all HTML responses and allows or denies the request based on filtering techniques using regular expressions and blacklisting.

Keywords / Index Terms

HTTP header filtering, Regular expression, Reverse proxy, XSS, XSS firewall
