Detecting and Preventing Security Threats on Servers and Browsers
Mr. Nandish. U. G; Dr. Balakrishna. R; Mr. Naveen. L; Mr. Anand Kumar K. S
Our reliance on web based services
through browsers for everyday life activities has
increased over the years. Everyday new vulnerabilities
are found in what was previously believed to be secure
applications, unlocking new risks and security hazards
that can be exploited by malicious advertisers or
intruders compromising the security of systems. Using
cross site scripting techniques intruders can hijack web
sessions and craft credible phishing sites. Similarly,
intruders may harm the server by uploading malicious
executables and batch files. On the other hand the java
script code downloaded into browser can attack client
machines to steal user’s credentials (XSS attacks) and
lure users into providing sensitive information to
unauthorized parties (Phishing attacks).
It is proposed here a model detecting and preventing
malicious files and cross site scripting attacks based on
monitoring JavaScript code execution and comparing
the execution to high level policies, to detect malicious
code behavior. The solution also protects the servers
from dangerous DOS commands and executable files.
The model follows an approach similar to hackers and
security analyst to discover vulnerabilities in networkconnected
web servers. It uses both manually and
automatically generated rules to mitigate possible cross
site scripting attacks. The work undertaken covers the
solutions preventing client machines from stealing
user’s credentials by using cookies hijacking as well as
preventing the browsers from crash.