Objective "Code-injection attacks through Cross-Site Scripting (XSS) in the web browserhave observed a significant increase over the previous years. According to aSeptember-2009 report published by the SANS Institute, attacks against webapplications constitute more than 60% of the total attack attempts observed onthe Internet. Web application vulnerabilities such as SQL injection andCross-Site Scripting flaws in open-source as well as custom-built applicationsaccount for more than 80% of the vulnerabilities being discovered. In thisproject we propose the design and development of a prototype that can inspectpassively the network for extracting URLs that can potentially exploit a webapplication, through XSS. The detector assumes that all URLs that containparts that can produce a valid JavaScript syntax tree are consideredsuspicious. We will develop tools that identify text fragments of URLs,exchanged in the network, that produce a valid JavaScript syntax-tree of highdepth. These URLs are considered as possible XSS exploitation attempts." Fields of science natural sciencescomputer and information sciencesinternetnatural sciencescomputer and information sciencesdatabasesrelational databases Programme(s) FP7-PEOPLE - Specific programme "People" implementing the Seventh Framework Programme of the European Community for research, technological development and demonstration activities (2007 to 2013) Topic(s) FP7-PEOPLE-2010-IOF - Marie Curie Action: "International Outgoing Fellowships for Career Development" Call for proposal FP7-PEOPLE-2010-IOF See other projects for this call Funding Scheme MC-IOF - International Outgoing Fellowships (IOF) Coordinator IDRYMA TECHNOLOGIAS KAI EREVNAS EU contribution € 219 392,80 Address N PLASTIRA STR 100 70013 Irakleio Greece See on map Region Νησιά Αιγαίου Κρήτη Ηράκλειο Activity type Research Organisations Administrative Contact Evangelos Markatos (Prof.) Links Contact the organisation Opens in new window Website Opens in new window Total cost No data