Academic Journals Database
Disseminating quality controlled scientific knowledge

Prevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side

Author(s): Shashank Gupta | Lalitsen Sharma | Manu Gupta | Simi Gupta

Journal: International Journal of Advanced Computer Research
ISSN 2249-7277

Volume: 2;
Issue: 5;
Start page: 49;
Date: 2012;

Keywords: Cookies | HTTP | Cross-Site Scripting Attacks | Hash function.

Cookies are a means to provide stateful communication over the HTTP. In the World Wide Web (WWW), once the user using web browser has been successfully authenticated by the web server of the web application, then the web server will generate and transfer the cookie to the web browser. Now each time, if the user again wants to send a request to the web server as a part of the active connection, the user has to include the corresponding cookie in its request, so that the web server associates the cookie to the corresponding user. Cookies are the mechanisms that maintain an authentication state between the user and web application. Therefore cookies are the possible targets for the attackers. Cross Site Scripting (XSS) attack is one of such attacks against the web applications in which a user has to compromise its browser’s resources (e.g. cookies etc.). In this paper, a novel technique called Dynamic Hash Generation Technique is introduced whose aim is to make cookies worthless for the attackers. This technique is implemented on the server side whose main task is to generate a hash of the value of name attribute in the cookie and send this hash value to the web browser. With this technique, the hash value of name attribute in the cookie which is stored on the browser’s database is not valid for the attackers to exploit the vulnerabilities of XSS attacks.