SWAP: Mitigating XSS Attacks Using a Reverse Proxy

Executive Summary

Due to the increasing number of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions and craft credible phishing sites. Previous work towards protecting against cross-site scripting attacks suffers from various drawbacks, such as practical infeasibility of deployment due to the need for client-side modifications, inability to reliably detect all injected scripts, and complex, error-prone parameterization. This paper introduces SWAP (Secure Web Application Proxy), a server-side solution for detecting and preventing cross-site scripting attacks.

  • Format: PDF
  • Size: 130.7 KB