(Publisher of Peer Reviewed Open Access Journals)

International Journal of Advanced Computer Research (IJACR)

ISSN (Print):2249-7277    ISSN (Online):2277-7970
Volume-2 Issue-5 September-2012
Paper Title : Prevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side
Author Name : Shashank Gupta, Lalitsen Sharma, Manu Gupta, Simi Gupta
Abstract :

Cookies are a means of providing stateful communication over HTTP. On the World Wide Web (WWW), once a user's web browser has been successfully authenticated by the web server of a web application, the web server generates a cookie and transfers it to the web browser. Each time the user sends a further request to the web server as part of the active connection, the request must include the corresponding cookie so that the web server can associate the cookie with the corresponding user. Cookies are the mechanism that maintains authentication state between the user and the web application, and they are therefore possible targets for attackers. Cross-Site Scripting (XSS) is one such attack against web applications, in which the user's browser resources (e.g. cookies) are compromised. In this paper, a novel technique called the Dynamic Hash Generation Technique is introduced, whose aim is to make cookies worthless to attackers. The technique is implemented on the server side, and its main task is to generate a hash of the value of the name attribute in the cookie and send this hash value to the web browser. With this technique, the hash value of the name attribute in the cookie, which is stored in the browser's database, is not valid for attackers trying to exploit XSS vulnerabilities.
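The server-side step described in the abstract, as an added sketch that is not code from the paper: the server keeps the original cookie value in a table and hands the browser only a hash of it. The class name `CookieHashTable`, the salted SHA-256 construction and the in-memory table are assumptions made for illustration.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie


class CookieHashTable:
    """Server-side table mapping the hash sent to the browser to the original value."""

    def __init__(self):
        # (cookie name, hash) -> original value; this table never leaves the server
        self._original_by_hash = {}

    def outgoing(self, name, original_value):
        """Return a Set-Cookie header value that carries the hash, not the value."""
        # Assumption: a fresh random salt per issue makes the hash "dynamic".
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + original_value.encode("utf-8")).hexdigest()
        self._original_by_hash[(name, digest)] = original_value
        cookie = SimpleCookie()
        cookie[name] = digest
        return cookie[name].OutputString()

    def incoming(self, cookie_header):
        """Map the hashes in a request's Cookie header back to original values.

        Cookies whose hash was never issued by this server are dropped.
        """
        parsed = SimpleCookie()
        parsed.load(cookie_header)
        restored = {}
        for name, morsel in parsed.items():
            original = self._original_by_hash.get((name, morsel.value))
            if original is not None:
                restored[name] = original
        return restored


if __name__ == "__main__":
    table = CookieHashTable()
    # Constructed sample value, not taken from the paper.
    header = table.outgoing("SESSIONID", "user42-session-secret")
    print("sent to browser:", header)
    print("restored on server:", table.incoming(header))
```

In this sketch any request that presents an issued hash is resolved to the original value; the abstract does not describe how a copied hash is rejected, so that step is not modelled here.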

Keywords : Cookies, HTTP, Cross-Site Scripting Attacks, Hash function.
Cite this article : Shashank Gupta, Lalitsen Sharma, Manu Gupta, Simi Gupta, "Prevention of Cross-Site Scripting Vulnerabilities using Dynamic Hash Generation Technique on the Server Side", International Journal of Advanced Computer Research (IJACR), Volume-2, Issue-5, September-2012, pp.49-54.