PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks

Author(s): Yinzhi Cao, Vinod Yegneswaran, Phillip Porras and Yan Chen

Download: Paper (PDF)

Date: 7 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012

Abstract:

Worms exploiting cross-site scripting (XSS) vulnerabilities rampantly infect millions of web pages in popular social networks. PathCutter is a new approach to severing the self-propagation path of XSS JavaScript worms that blocks the issuance of unauthorized HTTP requests by enforcing view separation to restrict DOM access across different client-side views.