| Web applications have been widely used in various fields such as news, e-commerce, and social networking. However, the endless web security events have been troubling the service providers and the users. Therefore, the research on web security is very important.Though there have been some effective security solutions on the web server side, the security mechanisms of the client side are relatively weak. This thesis is focus on the web security threat detection techniques of the browser, especially the client side XSS detection techniques. First, we make a careful investigation on the existing XSS detection techniques, and then manage to figure out the weakness and raise the attacking methods. Next, we design a new XSS filter called XSSBreaker, which successfully avoid the known weakness. By the improved parameter matching algorithms and the improved security policies, XSSBreaker is able to detect the partial injection attacks and remain robust to more complex parameter transformations.We implement XSSBreaker on the CSP framework of Firefox browser, and make a comprehensive security evaluation. The tests on the correctness, the compatibility and the performance have shown XSSBreaker is a better XSS filter. |
PDF Full Text Request