A Client/Server Mechanism to against cross site scripting attack

Bibliographic Details
Main Authors: Chien-Hsun Wang, 王建勳
Other Authors: Shi-Jinn Horng
Format: Others
Language: zh-TW
Published: 2012
Online Access: http://ndltd.ncl.edu.tw/handle/4922u2
Description
Summary: Master's === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === 100 === With the spread of networks and the application of Web 2.0 technology, the web site has become the most important marketing tool. When web application development time is short, the application's security is more easily ignored than in the past. Because developers do not consider every case, a web application's input validation is imperfect, and it becomes an attack target for hackers. The common attack is XSS (Cross-Site Scripting). Most XSS attacks inject malicious JavaScript through user input. How to judge the user's input is the key point of defense. This paper proposes a simple detection mechanism. We use a client/server architecture: the web manager only installs the scanning program on the web server, and the client's checking process is used to detect and defend against XSS attacks. The client's checking mechanism can be placed at the server site or the client site. The defense mechanism can be deployed flexibly and provides easy and effective protection.