PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks
Download: Paper (PDF)
Date: 7 Feb 2012
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2012
Abstract:
Worms exploiting cross-site scripting (XSS) vulnerabilities rampantly infect millions of web pages in popular social networks. PathCutter is a new approach to severing the self-propagation path of XSS JavaScript worms that blocks the issuance of unauthorized HTTP requests by enforcing view separation to restrict DOM access across different client-side views.