A graduate seminar: current topics in computer security
 

Final Project Milestone – Detection & Sanitization of XSS

Comp527 Final Project Milestone Report (Nov 5 2013)

Detection & Sanitization of XSS

Jun Zheng (jz33) Chao Zhang (cz15)

Rice University


Overview

Our project is progressing slowly but steadily. For now, we are focusing on 2 aspects simultaneously.


Part I

On one side, our group is researching the theory of XSS: its definition, its significance, and, more importantly, how common web frameworks (currently Django and GWT at least) support sanitization. [1][2] show that the mechanism varies a lot between frameworks, but they can generally be categorized according to 1) which languages/expressions (HTML, CSS, JavaScript) are supported; 2) untrusted data separation; 3) auto-sanitization abilities (context-insensitive sanitization, context-sensitive sanitization, the ability to handle nested contexts, the ability to handle dynamic contexts); 4) placement of sanitizers.
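As an added illustration of category 3) (this is example code written for this post, not code from our project or from the cited papers), the following Python snippet contrasts the single HTML escaper a context-insensitive framework applies everywhere with a context-sensitive sanitizer that chooses an escaper per output context, including the nested case of a JavaScript string literal inside an HTML event-handler attribute. The function names and the sample input are constructed for this example.

```python
import html
import json

# Each escaper is correct for exactly one output context. A
# context-insensitive framework applies escape_html_text everywhere;
# a context-sensitive one selects the escaper from where the value lands.

def escape_html_text(value: str) -> str:
    """HTML element content: neutralise <, >, & and both quote characters."""
    return html.escape(value, quote=True)

def escape_html_attr(value: str) -> str:
    """Double-quoted HTML attribute value, surrounding quotes included."""
    return '"' + html.escape(value, quote=True) + '"'

def escape_js_string(value: str) -> str:
    """JavaScript string literal inside a <script> block.

    json.dumps escapes quotes, backslashes and newlines; <, > and & are then
    \\u-escaped so the literal can never close the enclosing <script> element.
    HTML entities would be wrong here: browsers do not decode them inside
    script content, which is why escape_html_text is insufficient in this
    context (it leaves backslashes untouched and turns quotes into entities).
    """
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))

def escape_attr_js(value: str) -> str:
    """Nested context: JS string literal inside an event-handler attribute.
    Apply the inner (JS) escaper first, then the outer (attribute) one."""
    return escape_html_attr(escape_js_string(value))

ESCAPERS = {
    "html": escape_html_text,
    "attr": escape_html_attr,
    "js": escape_js_string,
    "attr_js": escape_attr_js,
}

def sanitize(context: str, value: str) -> str:
    """Context-sensitive sanitizer: refuse unknown contexts instead of
    silently falling back to HTML escaping."""
    if context not in ESCAPERS:
        raise ValueError(f"no escaper for context {context!r}")
    return ESCAPERS[context](value)

if __name__ == "__main__":
    untrusted = 'Rice "Owls" \\ </b>'   # constructed sample input
    for ctx in ESCAPERS:
        print(f"{ctx:8} {sanitize(ctx, untrusted)}")
```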


Part II

On the other side, our group is trying to design tiny web applications on the selected frameworks in order to observe XSS attacks. The current design is composed of 3 parts: a naive victim app (citizen), a randomized attacker (killer), and a status estimator (judge). This part goes slowly, because neither of us has experience with Django or GWT, but the expected result might be interesting: seeing our own app get killed by ourselves.


Reference

[1] Weinberger, J., et al., “A Systematic Analysis of XSS Sanitization in Web Application Frameworks”, Springer-Verlag Berlin Heidelberg 2011

[2] Weinberger, J., et al., “An Empirical Analysis of XSS Sanitization in Web Application Frameworks”, Technical Report No. UCB/EECS-2011-11


Our group has also posted the details of the milestone report for the final project; please refer to the link below for more information. Thank you.

http://xss.blogs.rice.edu/2013/11/04/final-project-milestone-detection-sanitization-of-xss/
