A unified cyber-enhanced approach for detecting cross-site scripting attacks on Web applications

Bhanukiran Gurijala, University of Texas at El Paso


Cyber-security is one of our nation’s most critical security priorities, and its importance continues to grow with the pervasiveness of computers and Web-based applications. In particular, cross-site scripting (XSS) is one of the most common and dangerous types of injection attacks that exploit input validation vulnerabilities. XSS has intensified due to: 1) lack of extensive security domain knowledge of software engineers who are involved in building and/or maintaining Web applications; and 2) lack of proper software development processes focused on security, resulting in fixes to security vulnerabilities late in the software development lifecycle. Indeed, the cost benefits of removing defects, in particular security-related faults, earlier in the lifecycle are well documented. The research goal is to reduce successful XSS attacks through a unified approach that identifies malicious and suspicious inputs/outputs based on customized application-specific knowledge. The Intrusion Detection Approach (IDA), which is defined in this dissertation, captures XSS-related domain knowledge from national catalogs of attack patterns and uses it to generate application-specific XSS patterns for monitoring IO by integrating technologies and techniques such as ontologies, provenance, formalizations, and security-related domain knowledge. The work hosts a security knowledge base that is easily maintainable whenever new attacks or new ways of launching attacks come into use. Updating the security knowledge base results in monitoring, identifying, and preventing XSS attacks without any changes to the Web application. Risk analysis combined with provenance provides a unique way of prioritizing formalized patterns based on the sensitivity level of assets and trends of threats. Using the XSSMon tool, which realizes the IDA, the author conducted a case study on two versions of a commercial Web application to compare the effectiveness of XSSMon.
The results showed that XSSMon had higher success rates in identifying XSS-related attacks. Specifically, the overall success rates were 4.79% and 28.01% for the original and latest versions of the Web application, respectively, and 88.36% and 100% for the initial and latest versions of XSSMon, respectively. The results of this case study can be extended to other Web applications that accept similar equivalence classes of IO.

Subject Area

Web Studies|Computer science

Recommended Citation

Gurijala, Bhanukiran, "A unified cyber-enhanced approach for detecting cross-site scripting attacks on Web applications" (2016). ETD Collection for University of Texas, El Paso. AAI10152104.