Logging cross-site scripting attacks in Firefox for forensic investigation

Mithun Vaidhyanathan, Purdue University

Abstract

Detecting web application attacks is a task performed by many systems. An example of such a system is the open source tool NoScript, which will be discussed at various points in this work. Among these attacks, cross site scripting is a focus of this study, mainly due to the levels of concern related to it. The primary goal of this research is to analyze how efficiently a cross-site scripting attack once detected can be logged. Logging the attack has benefits from a Cyberforensics point of view. This work analyzes related efforts and the benefits of implementing such functionality. It was found that for the test system analyzed, there was an additional overhead. This overhead, though, was seen to be within acceptable limits defined in Usability Engineering literatures.

Degree

M.S.

Advisors

Rogers, Purdue University.

Subject Area

Information Technology|Computer science

Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server
.

Share

COinS