A Chrome Plugin to Detect Reflected XSS Attacks

dc.contributor.author: Dutt, Sanjay
dc.contributor.supervisor: Traore, Issa
dc.date.accessioned: 2022-09-12T19:07:44Z
dc.date.available: 2022-09-12T19:07:44Z
dc.date.copyright: 2022 (en_US)
dc.date.issued: 2022-09-12
dc.degree.department: Department of Electrical and Computer Engineering (en_US)
dc.degree.level: Master of Engineering M.Eng. (en_US)
dc.description.abstract: Nowadays, web applications have become one of the standard platforms for delivering and representing data and services released over the World Wide Web. Since web applications are more and more utilized for security-critical services, they have turned out to be a well-liked and precious target for hackers. Cross-site scripting (XSS) is a class of web application vulnerabilities that allow attackers to execute malicious scripts in the user’s browser. XSS is by far the most common type of web application vulnerability, appearing in every OWASP Top 10 list from the very first edition. Though many modern web applications use third-party filtering applications to detect XSS attacks, there are several evasion techniques which can be applied to bypass such filters. In this project, we investigated the characteristics of XSS evasion payloads, and leveraged such knowledge to develop a Chrome plugin to detect and filter reflected XSS, which is one of the most insidious forms of web attacks. To evaluate the plugin, we compiled and used a large collection of XSS payloads from various public sources, along with a dataset of existing whitelisted URLs. The evaluation yielded very encouraging performance results in terms of detection rate and false positive rate. (en_US)
dc.description.scholarlevel: Graduate (en_US)
dc.identifier.uri: http://hdl.handle.net/1828/14243
dc.language.iso: en (en_US)
dc.rights: Available to the World Wide Web (en_US)
dc.subject: Reflected XSS (en_US)
dc.subject: Web Security (en_US)
dc.subject: Chrome Plugin (en_US)
dc.subject: XSS (en_US)
dc.title: A Chrome Plugin to Detect Reflected XSS Attacks (en_US)
dc.type: project (en_US)

Files

Original bundle
Name: Sanjay_Dutt_MEng_2022.pdf
Size: 767.21 KB
Format: Adobe Portable Document Format
Description: Project Report
Name: XSS_payload_data.xlsx
Size: 145.8 KB
Format: Microsoft Excel
Description: XSS Payloads
License bundle
Name: license.txt
Size: 2 KB
Format: Item-specific license agreed upon to submission
Description: