CORDIS - EU research results
Content archived on 2024-06-18

XHUNTER: Tracking XSS on the Net

Objective

"Code-injection attacks through Cross-Site Scripting (XSS) in the web browser
have increased significantly over the previous years. According to a
September 2009 report published by the SANS Institute, attacks against web
applications constitute more than 60% of the total attack attempts observed on
the Internet. Web application vulnerabilities such as SQL injection and
Cross-Site Scripting flaws in open-source as well as custom-built applications
account for more than 80% of the vulnerabilities being discovered. In this
project we propose the design and development of a prototype that passively
inspects the network to extract URLs that can potentially exploit a web
application through XSS. The detector treats every URL containing parts that
can produce a valid JavaScript syntax tree as suspicious. We will develop
tools that identify text fragments of URLs exchanged in the network that
produce a valid JavaScript syntax tree of high depth. These URLs are
considered possible XSS exploitation attempts."

Fields of science (EuroSciVoc)

CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.


Call for proposal

FP7-PEOPLE-2010-IOF

Coordinator

IDRYMA TECHNOLOGIAS KAI EREVNAS
EU contribution
€ 219 392,80
Address
N PLASTIRA STR 100
70 013 IRAKLEIO
Greece


Region
Νησιά Αιγαίου Κρήτη Ηράκλειο
Activity type
Research Organisations
Total cost
No data