Event Details

A Chrome Plugin to Detect Reflected XSS Attacks

Presenter: Sanjay Dutt
Supervisor:

Date: Mon, August 22, 2022
Time: 10:00:00 - 11:00:00
Place: via Zoom - please see link below

Join Zoom Meeting

https://uvic.zoom.us/j/86890383407?pwd=RHczSGtOQ0ZSM1VOSXpyWXg4ZWJzdz09

ABSTRACT

Web applications have become one of the standard platforms for delivering data and services over the World Wide Web. Because they are increasingly used for security-critical services, they have become a popular and valuable target for attackers. Cross-site scripting (XSS) is a class of web application vulnerabilities that allows attackers to execute malicious scripts in the user’s browser. XSS is by far the most common type of web application vulnerability, appearing in every OWASP Top 10 list from the very first edition. Although many modern web applications rely on third-party filtering applications to detect XSS attacks, several evasion techniques can be applied to bypass such filters. In this project, we investigated the characteristics of XSS evasion payloads and used that knowledge to develop a Chrome plugin that detects and filters reflected XSS, one of the most insidious forms of web attack. To evaluate the plugin, we compiled and used a large collection of XSS payloads from various public sources, along with a dataset of existing whitelisted URLs. The evaluation yielded very encouraging performance results in terms of detection rate and false positive rate.
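The abstract does not say how the plugin decides that a response carries a reflected payload, so the following is an added example rather than the talk's own code: a minimal browser-side reflected-XSS heuristic (normalise each query-string value, flag it if it looks like active content, and only report it if that normalised value appears verbatim in the response body), together with the detection-rate / false-positive-rate measurement the abstract describes. The endpoint `shop.example.test`, the toy server that echoes the `q` parameter, the regex patterns, and every payload and benign value are constructed for this example; the benign search terms stand in for the whitelisted-URL dataset.

```javascript
// Added example, not the talk's plugin. Detection logic, toy endpoint and all
// sample values are constructed; the numbers only describe this sample set.

// Undo nested URL encoding (double encoding defeats naive filters when app
// code decodes a parameter more than once). Stop when a round changes
// nothing or the input is not valid percent-encoding.
function urlDecodeFully(value, maxRounds = 3) {
  let v = value;
  for (let i = 0; i < maxRounds; i++) {
    let d;
    try { d = decodeURIComponent(v); } catch (e) { break; }
    if (d === v) break;
    v = d;
  }
  return v;
}

// Canonical form for both the suspect value and the response body: NUL bytes
// dropped, whitespace runs collapsed, case folded. HTML entities are left
// alone on purpose: a value reflected as "&lt;script&gt;" is inert, and
// decoding entities here would turn correctly escaped pages into false positives.
function canonical(text) {
  return text.replace(/\0/g, "").replace(/\s+/g, " ").toLowerCase();
}

// Patterns that mark a value as "active content"; applied to canonical text,
// so no case-insensitive flag is needed. A production filter would tokenise
// HTML instead of regex-matching it; this is enough to show the idea.
const ACTIVE_PATTERNS = [
  /<\s*script\b/,                                                       // script tag
  /<\s*(iframe|object|embed|svg|img|body|input|link|meta|form|base)\b/, // other risky tags
  /[\s"'\/<]on[a-z]+\s*=/,                                              // event-handler attribute
  /javascript\s*:/,                                                     // javascript: URL
];

// Query-string values that look like active content, in canonical form.
function suspiciousValues(url) {
  const out = [];
  for (const [name, raw] of new URL(url).searchParams) {
    const value = canonical(urlDecodeFully(raw));
    if (ACTIVE_PATTERNS.some((re) => re.test(value))) out.push({ name, value });
  }
  return out;
}

// Reflected check: report a parameter only when it looks active AND its
// canonical form appears verbatim in the canonical response body.
function detectReflectedXss(url, responseBody) {
  const body = canonical(responseBody);
  for (const s of suspiciousValues(url)) {
    if (body.includes(s.value)) return { reflected: true, param: s.name };
  }
  return { reflected: false, param: null };
}

// ---- toy server, used only by the evaluation -------------------------------
const escapeHtml = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
  .replace(/>/g, "&gt;").replace(/"/g, "&quot;");

// Simulated search page on a constructed host. `escape` models output
// encoding (the real fix); `extraDecode` models app code that decodes the
// parameter a second time, which is what makes double encoding bite.
function simulateSearch(value, { escape, extraDecode }) {
  const url = "https://shop.example.test/search?q=" + encodeURIComponent(value);
  let shown = new URL(url).searchParams.get("q");
  if (extraDecode) shown = urlDecodeFully(shown, 1);
  if (escape) shown = escapeHtml(shown);
  return { url, body: `<html><body><h1>Results for: ${shown}</h1></body></html>` };
}

// Constructed evaluation data: textbook payload shapes and benign search terms.
const XSS_PAYLOADS = [
  "<script>alert(1)</script>",
  "<ScRiPt>alert(1)</ScRiPt>",                  // case variation
  "<script\n>alert(1)</script\n>",              // whitespace inside the tag
  "%3Cscript%3Ealert(1)%3C%2Fscript%3E",        // double-encoded
  "<img src=x onerror=alert(1)>",
  "\"><svg onload=alert(1)>",                   // attribute break-out
  "<a href=\"javascript:alert(1)\">x</a>",
  "<iframe src=\"javascript:alert(1)\">",
  "<body onload=alert(1)>",
  "<input autofocus onfocus=alert(1)>",
];
const BENIGN_VALUES = [
  "running shoes", "price<100", "100% cotton", "onion=3", "bob@example.test",
  "a<b && c>d", "if (x < y) return", "javascript tutorials", "rate: 5 stars",
  "<img src=\"https://cdn.example.test/logo.png\">", // allowed markup: a false positive
];

const VULNERABLE = { escape: false, extraDecode: true };
const HARDENED = { escape: true, extraDecode: false };

function countFlagged(values, serverOptions) {
  return values.filter((v) => {
    const { url, body } = simulateSearch(v, serverOptions);
    return detectReflectedXss(url, body).reflected;
  }).length;
}

// Detection rate on the payloads and false-positive rate on the benign values,
// both against the raw-echo endpoint; plus how often the escaped endpoint
// still trips the check (it should not, since nothing is reflected unescaped).
function evaluate(payloads, benign) {
  return {
    detectionRate: countFlagged(payloads, VULNERABLE) / payloads.length,
    falsePositiveRate: countFlagged(benign, VULNERABLE) / benign.length,
    flagsOnHardened: countFlagged(payloads, HARDENED),
  };
}

console.log(evaluate(XSS_PAYLOADS, BENIGN_VALUES));
// { detectionRate: 1, falsePositiveRate: 0.1, flagsOnHardened: 0 }
```

Run it with `node`. Two things the numbers make visible: the one false positive is legitimate markup in a parameter, which a value-only heuristic cannot distinguish from an attack without knowing where the value is rendered; and the zero count on the escaped endpoint is why the check keys on reflection rather than on payload presence alone, since a value that reaches the page as `&lt;script&gt;` is harmless.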