XHUNTER
XHUNTER: Tracking XSS on the Net
| Coordinatore | FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS
Organization address
address: N PLASTIRA STR 100 contact info |
| Nazionalità Coordinatore | Greece [EL] |
| Totale costo | 219˙392 € |
| EC contributo | 219˙392 € |
| Programma | FP7-PEOPLE
Specific programme "People" implementing the Seventh Framework Programme of the European Community for research, technological development and demonstration activities (2007 to 2013) |
| Code Call | FP7-PEOPLE-2010-IOF |
| Funding Scheme | MC-IOF |
| Anno di inizio | 2011 |
| Periodo (anno-mese-giorno) | 2011-11-01 - 2014-10-31 |
Partecipanti
| # | ||||
|---|---|---|---|---|
| 1 |
FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS
Organization address
address: N PLASTIRA STR 100 contact info |
EL (HERAKLION) | coordinator | 219˙392.80 |
Mappa
Word cloud
Esplora la "nuvola delle parole (Word Cloud) per avere un'idea di massima del progetto.
Obiettivo del progetto (Objective)
'Code-injection attacks through Cross-Site Scripting (XSS) in the web browser have observed a significant increase over the previous years. According to a September-2009 report published by the SANS Institute, attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. In this project we propose the design and development of a prototype that can inspect passively the network for extracting URLs that can potentially exploit a web application, through XSS. The detector assumes that all URLs that contain parts that can produce a valid JavaScript syntax tree are considered suspicious. We will develop tools that identify text fragments of URLs, exchanged in the network, that produce a valid JavaScript syntax-tree of high depth. These URLs are considered as possible XSS exploitation attempts.'