With the development of Web 2.0 technology, Web applications with friendly interfaces, practicality and rich functionality are winning more and more users. Because they accept input from an enormous range of sources, attacks on Web application security vulnerabilities have become the most important and most common Web security problem today. Among these attacks, cross-site scripting (XSS) is one of the most serious security vulnerabilities of recent years: an attacker inserts a malicious script into a Web page, and once other users browse that page the script is executed silently and obtains sensitive information belonging to the Web application and its users. Accurately detecting and preventing XSS attacks is therefore vital to ensuring the safety of Web applications.

At present there are not many methods for preventing XSS attacks; the traditional ones include input filtering, data-flow tracking, penetration testing and so on. These methods cannot guard against every type of XSS attack, and they also suffer from high false-negative and false-alarm rates.

To address the deficiencies of the traditional methods, this paper proposes an architecture for preventing XSS attacks that consists of a server and a server proxy. On the server, generated randomization is used to identify the trusted content of the original Web page and the script content written dynamically into the DOM, and a policy for filtering HTML text is then set up. On the server proxy, the randomization and the policy transferred from the server are used to analyse and judge the response page. The framework is realized on the basis of the MVC design pattern; it needs no support from the client browser, can effectively prevent various types of XSS attack, and has little influence on system performance, so it can meet the needs of general Web users.

Finally, we implement the framework, and experiments show its effectiveness in preventing XSS attacks. Compared with similar protection tools, it has certain advantages.
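The following is an added illustration of the randomization-plus-policy idea described in the abstract, written here as a small example; it is not the thesis's own implementation and does not follow its code. The server marks every script element it intends to emit with a per-response random token, and a proxy in front of the server rebuilds the response, dropping each script that does not carry the token, along with event-handler attributes and URL attributes whose scheme the policy forbids. The marker attribute name `data-trust`, the `POLICY` fields, the function names and the sample page are all assumptions made for this example.

```python
"""Token-marked scripts plus a proxy-side filter (added example, not the thesis's code).
The attribute name, policy fields and sample page below are assumptions."""
import hmac
import re
import secrets
from html import escape
from html.parser import HTMLParser

MARK_ATTR = "data-trust"  # hypothetical marker attribute (assumption)
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link"}
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)

# Filtering policy the server hands to the proxy together with the token (assumed shape).
POLICY = {
    "drop_event_handlers": True,                          # on* attributes never survive
    "url_attrs": {"href", "src", "action"},               # attributes whose scheme is checked
    "allowed_schemes": {"http", "https", "mailto", ""},   # "" means a relative URL
}


def new_token() -> str:
    """Fresh, unpredictable token per response, so it cannot be guessed in advance."""
    return secrets.token_hex(16)


def trusted_script(token: str, body: str) -> str:
    """Server side: emit a script the application itself intends to run."""
    return f'<script {MARK_ATTR}="{token}">{body}</script>'


def render_page(token: str, user_comment: str) -> str:
    """Deliberately naive template: the comment is inlined without escaping,
    which is exactly the kind of defect the proxy is meant to catch."""
    return ("<!DOCTYPE html><html><body>" + trusted_script(token, "initApp();")
            + "<div class='comment'>" + user_comment + "</div></body></html>")


def _scheme(url: str) -> str:
    """Scheme of a URL after removing control/whitespace characters browsers ignore."""
    m = _SCHEME_RE.match(re.sub(r"[\x00-\x20]", "", url))
    return m.group(1).lower() if m else ""


class ResponseFilter(HTMLParser):
    """Proxy side: rebuilds the HTML, keeping only scripts that carry the token."""

    def __init__(self, token: str, policy: dict = POLICY):
        super().__init__(convert_charrefs=False)
        self.token, self.policy = token, policy
        self.out, self.dropped, self._skip = [], [], False

    def _marked(self, attrs) -> bool:
        for name, value in attrs:
            if name == MARK_ATTR and value is not None:
                return hmac.compare_digest(value, self.token)  # constant-time compare
        return False

    def _clean_attrs(self, attrs) -> str:
        kept = []
        for name, value in attrs:
            if name == MARK_ATTR:
                continue  # never leak the token to the client
            if self.policy["drop_event_handlers"] and name.startswith("on"):
                self.dropped.append(f"attr:{name}")
                continue
            if name in self.policy["url_attrs"] and _scheme(value or "") not in self.policy["allowed_schemes"]:
                self.dropped.append(f"url:{name}={value}")
                continue
            kept.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        return (" " + " ".join(kept)) if kept else ""

    def handle_starttag(self, tag, attrs):
        if self._skip:
            return
        if tag == "script" and not self._marked(attrs):
            self.dropped.append("script")   # unmarked script: drop element and body
            self._skip = True
            return
        self.out.append(f"<{tag}{self._clean_attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self._skip:
            self._skip = tag != "script"
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

    def handle_entityref(self, name):
        self.handle_data(f"&{name};")

    def handle_charref(self, name):
        self.handle_data(f"&#{name};")

    def handle_comment(self, data):
        self.handle_data(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def filter_response(html_text: str, token: str, policy: dict = POLICY):
    """Run the proxy filter; returns (cleaned HTML, list of what was removed)."""
    f = ResponseFilter(token, policy)
    f.feed(html_text)
    f.close()
    return "".join(f.out), f.dropped


if __name__ == "__main__":
    tok = new_token()
    # Constructed sample: a comment that the naive template inlines unescaped.
    page = render_page(tok, '<script>evil()</script><a href="javascript:evil()" onclick="evil()">x</a>')
    clean, dropped = filter_response(page, tok)
    print(clean)
    print(dropped)
```

Two design points worth noting. The proxy strips the marker attribute before the page leaves, so the token is never visible to the client and cannot be copied into a later injection, and each response gets a fresh token so a marker forged with a stale or guessed value fails the constant-time comparison and the script is removed like any other unmarked one.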