BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
Mike Ter Louw, V.N. Venkatakrishnan, University of Illinois at Chicago
IEEE Symposium on Security and Privacy, 2009
Presented by Joseph Del Rocco, University of Central Florida
• Code injection into untrusted HTML which exploits client-side browser parsing
• Hacker injects code into untrusted section, innocent user visits the web page, client browser displays all content, user encounters unintended content / hack
• All websites now have to update their libraries of code to use BLUEPRINT…
• HTML interpretation process may change, especially on embedded browsers
• Large script (15.6kB) downloaded / cached. How safe is this script? One for each site?
• Client browser may disable JavaScript
• Page size overhead due to text encoding
Improvement / Future Work
• Securely transfer script & keep up-to-date
• Perhaps different encoding scheme or compress w/ fast codec
• Maybe a scheme that empowers user?
References
[1] M. Ter Louw, V.N. Venkatakrishnan. BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. IEEE Symposium on Security & Privacy, 2009.