Code-Reuse Attacks for the Web Article Swipe

PDF

Related Concepts

Cross-site scripting Computer science Scripting language Reuse World Wide Web Web application Computer security Documentation Focus (optics) Code (set theory) Vulnerability (computing) Web application security Web page Web development Programming language Engineering Physics Optics Set (abstract data type) Waste management

Sebastian Lekies , Krzysztof Kotowicz , Samuel M. Gross , Eduardo Alberto Vela Nava , Martin Johns ·

YOU? · · 2017 · Open Access · · DOI: https://doi.org/10.1145/3133956.3134091 · OA: W2765755114

Cross-Site Scripting (XSS) is an unremitting problem for the Web. Since its initial public documentation in 2000 until now, XSS has been continuously on top of the vulnerability statistics. Even though there has been a considerable amount of research and developer education to address XSS on the source code level, the overall number of discovered XSS problems remains high. Because of this, various approaches to mitigate XSS have been proposed as a second line of defense, with HTML sanitizers, Web Application Firewalls, browser-based XSS filters, and the Content Security Policy being some prominent examples. Most of these mechanisms focus on script tags and event handlers, either by removing them from user-provided content or by preventing their script code from executing.