{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T23:18:50Z","timestamp":1725751130596},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642419461"},{"type":"electronic","value":"9783642419478"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41947-8_29","type":"book-chapter","created":{"date-parts":[[2013,10,5]],"date-time":"2013-10-05T11:06:54Z","timestamp":1380971214000},"page":"345-356","source":"Crossref","is-referenced-by-count":2,"title":["Evaluation of Open Source Server-Side XSS Protection Solutions"],"prefix":"10.1007","author":[{"given":"Jonas","family":"Ceponis","sequence":"first","affiliation":[]},{"given":"Lina","family":"Ceponiene","sequence":"additional","affiliation":[]},{"given":"Algimantas","family":"Venckauskas","sequence":"additional","affiliation":[]},{"given":"Dainius","family":"Mockus","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"29_CR1","unstructured":"Acker, S., Nikiforakis, N., Desmet, L., Joosen, W., Piessens, F.: FlashOver: automated discovery of cross-site scripting vulnerabilities in rich internet applications. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. ACM (2012)"},{"key":"29_CR2","unstructured":"Balduzzi, M., Gimenez, C., Balzarotti, D., Kirda, E.: Automated discovery of parameter pollution vulnerabilities in web applications. In: Proceedings of the 18th Network and Distributed System Security Symposium (2011)"},{"key":"29_CR3","doi-asserted-by":"crossref","unstructured":"Bates, D., Barth, A., Jackson, C.: Regular expressions considered harmful in client-side XSS filters. In: Proceedings of the 19th International Conference on World Wide Web, pp. 91\u2013100. ACM (2010)","DOI":"10.1145\/1772690.1772701"},{"key":"29_CR4","unstructured":"Brooks, M.: Bypassing Internet Explorer\u2019s XSS Filter. Traps of Gold-Defcon (2011)"},{"key":"29_CR5","unstructured":"Bugeja, J., Price, G.: A Pragmatic, Policy-Driven Framework for Protection Against Cross-Site Scripting. Royal Holloway Series (2012)"},{"key":"29_CR6","unstructured":"Curtsinger, C., Livshits, B., Zorn, B.G., Seifert, C.: ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection. In: USENIX Security Symposium (2011)"},{"key":"29_CR7","unstructured":"FireHost Inc.: Cross-Site Scripting Attacks Up 160% in Final Quarter of 2012 (2013), \n                    \n                      http:\/\/www.firehost.com\/company\/newsroom\/web-application-attack-report-fourth-quarter-2012"},{"key":"29_CR8","unstructured":"Galan, E., Alcaide, A., Orfila, A., Blasco, J.: A multi-agent scanner to detect stored-XSS vulnerabilities. In: Proceedings of the International Conference for Internet Technology and Secured Transactions, pp. 1\u20136 (2010)"},{"key":"29_CR9","doi-asserted-by":"crossref","unstructured":"Grossman, J., Hansen, R., Petkov, P.D., Rager, A., Fogie, S.: XSS Attacks: Cross-Site Scripting Exploits and Defense. Syngress (2007)","DOI":"10.1016\/B978-159749154-9\/50005-6"},{"key":"29_CR10","series-title":"CCIS","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/978-3-642-34135-9_26","volume-title":"Recent Trends in Computer Networks and Distributed Systems Security","author":"S.F. Hidhaya","year":"2012","unstructured":"Hidhaya, S.F., Geetha, A.: Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds.) SNDS 2012. CCIS, vol.\u00a0335, pp. 252\u2013263. Springer, Heidelberg (2012)"},{"key":"29_CR11","unstructured":"Hooimeijer, P., Livshits, B., Molnar, D., Saxena, P., Veanes, M.: Fast and precise sanitizer analysis with BEK. In: Proceedings of the 20th USENIX Conference on Security (2011)"},{"key":"29_CR12","unstructured":"Hope, P., Walther, B.: Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast. O\u2019Reilly Media, Inc. (2008)"},{"key":"29_CR13","unstructured":"HTML Purifier, \n                    \n                      http:\/\/htmlpurifier.org"},{"key":"29_CR14","unstructured":"htmLawed, \n                    \n                      http:\/\/www.bioinformatics.org\/phplabware\/internal_utilities\/htmLawed\/index.php"},{"key":"29_CR15","unstructured":"Klein, A.: DOM-based Cross-Site Scripting of the Third Kind, \n                    \n                      http:\/\/www.webappsec.org\/projects\/articles\/071105.html"},{"key":"29_CR16","unstructured":"Korscheck, C.: Automatic Detection of Second-Order Cross-Site Scripting Vulnerabilities. Diploma Thesis, Wilhelm-Schickard-Institut fur Informatik University at Tubingen (2010)"},{"key":"29_CR17","doi-asserted-by":"crossref","unstructured":"Kotha, R., Prasad, K., Naik, D.: Analysis of XSS attack mitigation techniques based on platforms and browsers. In: SEA, CLOUD, DKMP, CS & IT, vol.\u00a05, pp. 395\u2013405 (2012)","DOI":"10.5121\/csit.2012.2240"},{"key":"29_CR18","unstructured":"kses, \n                    \n                      http:\/\/sourceforge.net\/projects\/kses\/"},{"key":"29_CR19","unstructured":"Lundeen, R., Ou, J., Rhodes, T.: New Ways I\u2019m Going to Hack Your Web App. Blackhat AD (2011)"},{"key":"29_CR20","unstructured":"Microsoft Anti-Cross Site library V4.2, \n                    \n                      http:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=28589"},{"key":"29_CR21","unstructured":"Hamada, M.H.A.: Client Side Action Against Cross Site Scripting Attacks. Degree of Master in Information Technology, Islamic University Faculty of Information Technology (2012)"},{"key":"29_CR22","unstructured":"Nadji, Y., Saxena, P., Song, D.: Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. In: Network and Distributed System Security Symposium (2009)"},{"key":"29_CR23","unstructured":"National Institute of Standarts and Technology: CVE and CCE Statistics Query Page, \n                    \n                      http:\/\/web.nvd.nist.gov\/view\/vuln\/statistics"},{"key":"29_CR24","doi-asserted-by":"crossref","unstructured":"Nunan, A.E., Souto, E., dos Santos, E.M., Feitosa, E.: Automatic Classification of Cross-Site Scripting in Web Pages Using Document-based and URL-based Features. In: Proceedings of ISCC, pp. 702\u2013707 (2012)","DOI":"10.1109\/ISCC.2012.6249380"},{"key":"29_CR25","unstructured":"Open Web Application Security Project: XSS (Cross Site Scripting) Prevention Cheat Sheet , \n                    \n                      https:\/\/www.owasp.org\/index.php\/XSS_Cross_Site_Scripting_Prevention_Cheat_Sheet"},{"key":"29_CR26","unstructured":"OWASP AntiSamy Project, \n                    \n                      https:\/\/www.owasp.org\/index.php\/Category:OWASP_AntiSamy_Project"},{"key":"29_CR27","unstructured":"OWASP Java HTML Sanitizer Project, \n                    \n                      https:\/\/www.owasp.org\/index.php\/OWASP_Java_HTML_Sanitizer_Project"},{"key":"29_CR28","doi-asserted-by":"crossref","unstructured":"Pelizzi, R., Sekar, R.: Protection, usability and improvements in reflected XSS filters. In: Proceedings of the 7th ACM Symposium on Information (2012)","DOI":"10.1145\/2414456.2414458"},{"key":"29_CR29","unstructured":"SafeHTMLChecker, \n                    \n                      http:\/\/doc.b2evo.net\/v-1-9\/evocore\/_blogs-inc-_misc-_htmlchecker.class.php.html"},{"key":"29_CR30","doi-asserted-by":"crossref","unstructured":"Saxena, P., Molnar, D., Livshits, B.: Scriptgard: Preventing script injection attacks in legacy web applications with automatic sanitization. Tech. rep., Microsoft Research (2010)","DOI":"10.1145\/2046707.2046776"},{"key":"29_CR31","first-page":"229","volume":"7","author":"K. Selvamani","year":"2010","unstructured":"Selvamani, K., Duraisamy, A., Kannan, A.: Protection of Web Applications from Cross-Site Scripting Attacks in Browser Side. International Journal of Computer Science and Information Security\u00a07, 229\u2013236 (2010)","journal-title":"International Journal of Computer Science and Information Security"},{"key":"29_CR32","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1016\/j.infsof.2011.12.006","volume":"54","author":"L.K. Shar","year":"2012","unstructured":"Shar, L.K., Tan, H.: Automated removal of cross site scripting vulnerabilities in web applications. Information and Software Technology\u00a054, 467\u2013478 (2012)","journal-title":"Information and Software Technology"},{"key":"29_CR33","unstructured":"Tibom, P.: Incapsula vs. CloudFlare. Security Review & Comparison (2012)"},{"key":"29_CR34","unstructured":"TidyManaged, \n                    \n                      https:\/\/github.com\/markbeaton\/TidyManaged"},{"key":"29_CR35","unstructured":"The OWASP Enterprise Security API, \n                    \n                      https:\/\/www.owasp.org\/index.php\/ESAPI"},{"key":"29_CR36","doi-asserted-by":"crossref","unstructured":"Wang, Y., Li, Z., Guo, T.: Program Slicing Stored XSS Bugs in Web Application. In: Proceeding of the 5th IEEE International Symposium on Theoretical Aspects of Software Engineering, pp. 191\u2013194 (2011)","DOI":"10.1109\/TASE.2011.43"},{"key":"29_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-642-23822-2_9","volume-title":"Computer Security \u2013 ESORICS 2011","author":"J. Weinberger","year":"2011","unstructured":"Weinberger, J., Saxena, P., Akhawe, D., Finifter, M., Shin, R., Song, D.: A systematic analysis of XSS sanitization in web application frameworks. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol.\u00a06879, pp. 150\u2013171. Springer, Heidelberg (2011)"}],"container-title":["Communications in Computer and Information Science","Information and Software Technologies"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41947-8_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,17]],"date-time":"2019-05-17T14:55:56Z","timestamp":1558104956000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41947-8_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642419461","9783642419478"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41947-8_29","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2013]]}}}