1 / 13

A Server Solution for Cookie-Stealing-Based XSS Attacks

This paper presents a novel server-side solution aimed at mitigating cookie-stealing vulnerabilities associated with cross-site scripting (XSS) attacks. Leveraging a comprehensive approach, the study discusses the mechanisms for verifying cookies and maintaining secure user sessions through server modifications. By implementing a rigorous cookie management strategy that evaluates IP address matching and timestamps, the proposed system effectively protects against unauthorized access. Ultimately, this solution enhances the security framework of web applications against persistent XSS threats.

ava-bradshaw
Télécharger la présentation

A Server Solution for Cookie-Stealing-Based XSS Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Server Solution for Cookie-Stealing-Based XSS Attacks Jhen-Li Wang, Shih-Jen Chen, Chia-Hao Lee, Fu-Hau Hsu CSIE@NCU–ADLab, Networks & Multimedia Institute For Information Industry

  2. Stored XSS Reflected XSS Stored XSS Reflected XSS X S S

  3. How to defend XSS?

  4. We do this… Modify KERNEL

  5. Finish. And wait for next.

  6. sys_read • do_sock_read • sock_recvmsg • skb_copy_ • datagram_iovec • tcp_recvmsg • inet_recvmsg • memcpy_toiovec • copy_to_user

  7. Web Server Application User mode Kernel mode Cookie Verifier Cookie Cleaner CookieAbstractor Cookie Table Payload Collector Packet 比對cookie 和 IP 檢查table node的時間, 看是否須清除 捉cookie, source IP, 算時間 (Hash table) 儲存cookie(key),IP, 時間 捉封包資料

  8. Finish. And wait for next.

More Related