Abstract

Detecting web application attacks is a task performed by many systems. An example of such a system is the open source tool NoScript, which will be discussed at various points in this work. Among these attacks, cross site scripting is a focus of this study, mainly due to the levels of concern related to it. The primary goal of this research is to analyze how efficiently a cross-site scripting attack once detected can be logged. Logging the attack has benefits from a Cyberforensics point of view. This work analyzes related efforts and the benefits of implementing such functionality. It was found that for the test system analyzed, there was an additional overhead. This overhead, though, was seen to be within acceptable limits defined in Usability Engineering literatures.

Keywords

Cyberforensics, Frequency analysis, Open source tools, Semantic analysis, Usability engineering, Web application security

Date of this Version

4-26-2010

Department

Information Security

Department Head

Eugene Spafford

Month of Graduation

May

Year of Graduation

2010

Degree

Master of Science

Head of Graduate Program

Eugene Spafford

Advisor 1 or Chair of Committee

Marcus K. Rogers

Committee Member 1

Pascal Meunier

Committee Member 2

Victor Raskin

Share

COinS