SECSIX: security engine for CSRF, SQL injection and XSS attacks

Nagpal, Bharti; Chauhan, Naresh; Singh, Nanhay

doi:10.1007/s13198-016-0489-0

Cited by 11 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Table 13 shows the comparison-based analysis of our work with the existing state-of-art corresponding to the eleven research gaps. Hence, the performance overhead caused due to context-aware sanitization in our recent work [5][6][7][8] (as well as in other recent works [22][23][24][25][26] ) is improved through the integration of the method to implement the inner context-aware sanitization only on such compressed templates. Our fog-centric framework also performed the clustering on the redundant JavaScript snippets implanted in the parse tree and subsequently produces a compressed attack vector template.…”

Section: R11: Parse Tree Deviationmentioning

confidence: 96%

“…[22][23][24] However, none of them were analyzed on real virtual infrastructures of web platforms. [22][23][24] However, none of them were analyzed on real virtual infrastructures of web platforms.…”

Section: Motivationmentioning

confidence: 99%

“…Conventional sanitization adopted by the existing techniques [5][6][7][8][22][23][24] suffer from high performance overhead, as their work needs to decide the context for all malicious redundant variables of script code and hence suffers from high performance overhead on the web servers. Besides, their technique does not include method to determine the hidden context of HTML tags/attributes, which is not implemented in recent mechanisms yet.…”

Section: Proposed Scheme: Enhanced Html5 Feature-based Nested Contextmentioning

confidence: 99%

See 2 more Smart Citations

SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes

Gupta

Sharma

Kumar

2019

Concurrency and Computation

View full text Add to dashboard Cite

The authors introduce an enhanced HTML5 (H5) Cross-Site Scripting (H5-XSS) attack vector defensive model that safeguards and maintains the confidentiality of users accessing the web applications hosted on the fog nodes. Initially, the model performs in self-training manner and estimates some features of H5 script code at the simulated desktop host systems of cloud infrastructure. Second, a process of H5 feature estimation gets re-executed for the online generated HTTP response on the edge network of fog device. Any oddity in these two features sets results in the consequent nested context-familiar sanitization of the distrustful script code on an installed fog nodes. The author design their framework structure on an open application infrastructural structure of Cisco IOx framework of various networked edge devices as fog nodes. The authors configure the tested bed of H5 web platforms on the nodes of the fog computing network for evaluating the malicious script alleviation capability of their model. Evaluation outcomes expose that the author's technique is skilled sufficient for sensing and excluding the suspicious H5 code with sufferable percentage of False Negatives (FNs), False Positives (FPs), and reduced overall performance overhead during the peak congestion of generation of sanitized HTTP response on the fog nodes. KEYWORDSCloud Data Centers (CDC), code injection attacks, context aware sanitization, edge network, HTML5 XSS attack vectors, online social network (OSN) security INTRODUCTIONThe evolution of cloud computing exempted the industries and their consumers from handling the description of countless specifics, like loading resources and computation constraints. 1 It is clearly highlighted in the work of Ponemon 2 that almost 91% of administrations in Europe and UnitedStates approved that drop in the cost is the main motivation for them to move to the platforms of cloud infrastructure. Slight investment, price deduction, and prompt implementation are some of the key aspects that motivate the enterprises to facilitate the services of cloud infrastructure and permit them for putting the emphasis on essential industry worries and main concern, instead of dealing with nominal concerns. Although, such advantages turn out to be problematic for applications, which are latency-sensitive and that need nodes in the area to avail their suspension requests. Smart phones are getting larger utilized in the day-to-day routine lifecycle of the people. Existing cloud computing prototypes cannot satisfy their necessities of motion provision, position alertness, and low latency. 3 In addition, the virtual machines of cloud platforms cannot support end points with rich facilities, comprising the applications with small latency necessities. The reason behind such non-optimal performance is that the data processing is completed at the central of the network of the cloud platforms, which has least connection with ground level.Recently, a new term is coined up, ie, Fog Computing, that extends boundary of cloud platform to an e...

show abstract

Section: R11: Parse Tree Deviationmentioning

confidence: 96%

Section: Motivationmentioning

confidence: 99%

Section: Proposed Scheme: Enhanced Html5 Feature-based Nested Contextmentioning

confidence: 99%

See 1 more Smart Citation

SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes

Gupta

Sharma

Kumar

2019

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Significant number of solutions have already been proposed in the past for securing the client's authenticated session to the server which addresses the threat of CSRF , as well as for session hijacking . Almost all of the previous works propose an additional communication layer or proxy‐layer between the client and the server.…”

Section: Related Workmentioning

confidence: 99%

“…Reflected cross-site scripting is the type where the malicious script is delivered to the victim through an alternate channel like through scripts embedded in an e-mail message. The victim is tricked into clicking an infected link or opening an infected FIGURE 8 Internal layered storage design of CookieArmor e-mail attachment which in turn executes the malicious script. Reflected cross-site-scripting threats are also known as Type-II or nonpersistent cross-site scripting as shown in Figure 7B.…”

Section: Cross-site Scriptingmentioning

confidence: 99%

CookieArmor: Safeguarding against cross‐site request forgery and session hijacking

Sinha

Tripathy

2019

Security and Privacy

View full text Add to dashboard Cite

Internet browsers use cookies and session‐IDs for maintaining HTTP state information which has led to several security vulnerabilities such as cross‐site request forgery (CSRF) and session hijacking. Several works have been carried out in the past to address these threats and most of these works propose an additional layer between the client‐server communication architecture. While some solutions propose this layer at the client side, others propose it at the server side. This work proposes an efficient client‐side proxy named CookieArmor for addressing the threat of CSRF and cross‐site scripting (XSS). CookieArmor is a two‐token selective CSRF prevention mechanism with restricted relaxation for cross‐origin request. CookieArmor determines whether a script is capable of performing state changing operations and safeguards only such scripts using a two‐token CSRF prevention scheme. CookieArmor uses active Session‐ID filtering to safeguards against session hijacking. CookieArmor also uses quotient‐filter between the proxy and its internal database for improving the performance. Efficiency of CookieArmor demonstrates significant improvement than other solutions.

show abstract

Potecting Patient Privacy: Understanding and Classifying Attacks and Vulnerabilities in Web-Based Healthcare Records

Bensahab,

Abouelmehdi,

Elmoutaouakkil

2024

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

SECSIX: security engine for CSRF, SQL injection and XSS attacks

Cited by 11 publications

References 13 publications

SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes

SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodes

CookieArmor: Safeguarding against cross‐site request forgery and session hijacking

Potecting Patient Privacy: Understanding and Classifying Attacks and Vulnerabilities in Web-Based Healthcare Records

Contact Info

Product

Resources

About