Yukti: A Dynamic Agent Based IDS With Suspect Engine to Detect Diverse XSS Attacks

Download Now Date Added: Dec 2011
Format: PDF

Injecting malicious script through links, URLs (Unified Resource Locator) or as user inputs and getting it executed (when inputs are not validated) in the client side is called CROSS Site Scripting (XSS) attack. It is called XSS because the script that is executed here is not originated from the same client or from a trusted server. The authors' solution "Yukti" is devised to detect these application specific XSS attacks at network level by deep packet inspection in the live environment. Existing solutions do static security code review or scans the application for known attack patterns.