Hunting Cross-Site Scripting Attacks in the Network

Date Added: May 2010
Format: PDF

CROSS-Site Scripting (XSS) attacks in web applications are considered a major threat. In a yearly basis, large IT security vendors export statistics that highlight the need for designing and implementing more efficient countermeasures for securing modern web applications and web users. So far, all these studies are carried out by IT security vendors. The academic community lacks of the tools for performing similar studies for quantifying various properties of XSS attacks. In this paper, the authors present xHunter, a tool that takes as input a web trace and scans it for identifying possible XSS exploits.