Detection & Sanitization of XSS
Jun Zheng (jz33) Chao Zhang (cz15)
Rice University
Introduction
Cross-site scripting (XSS) is a major class of security vulnerability, found mostly in web applications, that allows an attacker to inject malicious client-side scripts and thereby affect the server as well as the browsers of other users. For instance, if a web page provides the user with a text field for input, the attacker can enter JavaScript, CSS styles or DOM markup instead of “plain” strings. If that text field is not sanitized, the attacker's executable code can typically gain access to secrets held by the server, or to other important information that the browser maintains on behalf of other users.
Major web application framework vendors provide mechanisms or requirements in their products to protect against XSS. For example, JSP requires the programmer to wrap a string that is intended as plain text in “fn:escapeXml()”.[1] In Spring, the programmer can set a parameter “defaultHtmlEscape”.[2] In Django, XSS is prevented by “Auto-sanitization”[3], which is the main focus of our team's research: we explore the protection mechanism (sanitization) against XSS in Django, focusing on.
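To make the auto-sanitization idea concrete, the following is an added example written for this proposal; it is not Django's own code. It re-implements, in plain Python, the policy Django's template engine applies: every variable is HTML-escaped unless it has been explicitly marked safe. The names SafeString, mark_safe, escape, conditional_escape and render are our own stand-ins (the first four mirror names in Django's django.utils.html and django.utils.safestring, but the implementations here are ours), and the character table is assumed to match Django's documented escaping of &, <, >, " and '. The is_allowed_url helper is an assumption too: it illustrates a limitation of auto-escaping that the rest of this project investigates, namely that escaping protects text and quoted-attribute contexts but says nothing about the scheme of a URL placed in an href.

```python
import re
from urllib.parse import urlsplit

# Assumption: this table matches the five characters Django's escape() rewrites.
_HTML_ESCAPES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


class SafeString(str):
    """Marker type: the value is trusted HTML and must not be escaped again."""


def mark_safe(s: str) -> SafeString:
    """Opt a value out of auto-escaping (the developer takes responsibility)."""
    return SafeString(s)


def escape(value) -> SafeString:
    """Escape HTML metacharacters; safe for a text node or a quoted attribute."""
    return SafeString("".join(_HTML_ESCAPES.get(ch, ch) for ch in str(value)))


def conditional_escape(value) -> SafeString:
    """Auto-escape policy: escape everything except values already marked safe.
    This is what prevents double escaping of already-escaped output."""
    if isinstance(value, SafeString):
        return value
    return escape(value)


_VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template: str, context: dict, autoescape: bool = True) -> str:
    """Tiny stand-in for template variable substitution, with autoescape on/off."""
    def substitute(match):
        value = context[match.group(1)]
        return str(conditional_escape(value) if autoescape else value)
    return _VAR.sub(substitute, template)


# Assumed allow-list: auto-escaping alone cannot reject a dangerous URL scheme,
# so an href needs a separate check before the value reaches the template.
_ALLOWED_SCHEMES = {"", "http", "https", "mailto"}


def is_allowed_url(url: str) -> bool:
    """True for relative URLs and for the allow-listed schemes only."""
    return urlsplit(url.strip()).scheme.lower() in _ALLOWED_SCHEMES


if __name__ == "__main__":
    # Constructed sample inputs, as an untrusted user might submit them.
    untrusted_text = "<b>hi</b>"
    print(render("<p>{{ c }}</p>", {"c": untrusted_text}))             # escaped
    print(render("<p>{{ c }}</p>", {"c": mark_safe(untrusted_text)}))  # trusted
    print(render('<input value="{{ v }}">', {"v": '" onfocus="x'}))   # quotes escaped
    href = "javascript:alert(1)"
    print(render('<a href="{{ u }}">', {"u": href}))  # unchanged by escaping
    print(is_allowed_url(href), is_allowed_url("/profile/"))
```

Running the block shows the three cases the proposal cares about: text and attribute contexts are neutralized by escaping, a mark_safe value passes through untouched (so every call site of mark_safe is a review point), and a javascript: href survives escaping entirely, which is why the URL check has to be a separate, allow-list based step.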
Strategy
First, we research existing analyses of XSS attacks. Two papers by Weinberger et al. [4][5] study this topic in great depth, and [6] also provides a good summary of existing solutions. Second, given the time limit of this project, our team will mainly focus on Django's Auto-sanitization mechanism: its implementation, backend support, working scope, and limitations. Third, our team will design some assistant programs or plug-ins to detect or scan for possible XSS attack code. A good open source example is [7].
References & Links:
[1] http://www.tutorialspoint.com/jsp/jstl_function_escapexml.htm
[3] https://docs.djangoproject.com/en/dev/topics/security/
[4] Weinberger, J., et al., “A Systematic Analysis of XSS Sanitization in Web Application Frameworks”, Springer-Verlag Berlin Heidelberg 2011
[5] Weinberger, J., et al., “An Empirical Analysis of XSS Sanitization in Web Application Frameworks”, Technical Report No. UCB/EECS-2011-11
[6] Bugeja, Joseph, “A Pragmatic Policy-Driven XSS Protection Framework”, master's thesis, Royal Holloway, University of London, 2011