1. Field of the Invention
The present invention generally relates to computer and end-user device security from malicious software transmitted by entities over the Internet. More specifically, it relates to detecting and preventing Cross-site scripting attacks on such devices.
2. Description of the Related Art
Cross-site scripting (XSS) is a type of computer and IP-enabled device security vulnerability typically found in Web applications and content which allows malicious attackers to inject code, such as HTML code or client-side script code (e.g., JavaScript), into the source code of Web pages viewed and downloaded by users. For example, by incorporating JavaScript code into a Web page's source code, a Web server is able to send executable code to a browser. Such script code may be manipulated, e.g. altered or replaced, by malicious attackers to cause harm to or invade a user's computing device, for example, stealing the user's private or sensitive information, when the script code is executed in the user's browser.
Downloading content from Web sites into browsers running on end-user devices, such as PCs and cell phones, is becoming increasingly popular. This content may have “holes” or vulnerabilities that allow malicious parties to inject executable code into the content without the owner or operator of the content knowing that it is being done. When a user downloads this content into his or her browser, the executable code runs on the user's device and transmits data about the user, such as cookie data, to the attacker's Web server. In this manner, a wealth of information about the user, such as personal preferences, account numbers, contact information, and the like, may be obtained by unauthorized parties. The term Cross-site scripting derives its name from the fact that a user obtains content from one Web site, typically a legitimate, known site, and by downloading the content into the user's browser, sends sensitive, private information to another, unknown site, thus the user is unwittingly cross communicating with two different sites.
Techniques for dealing with XSS attacks include using a Web Reputation System (WRS) which uses a Web site reputation mechanism that users can use to prevent visiting harmful Web sites or sites that have experiences XSS attacks and other malicious interference. However, WRS does not prevent Web sites with good reputations from being infected with malicious script. Furthermore, it is not granular in that it gives an entire Web site a poor rating even if a majority of the pages at the site is not harmful nor has been and only a few pages have been infected with XSS attacks. In these cases, all the content is given a poor rating.
Another tool used is URL filtering engines, such as the TMUFE product from Trend Micro, Inc. of Cupertino, Calif. Such URL filtering engines block malicious domains and URLs, but are not effective in detecting XSS vulnerabilities in Web sites, nor are they able to detect data leakage from a user's device resulting from executing script code unexpectedly inserted in downloaded Web content. Another method that has been used to detect and prevent XSS attacks is filtering that enable applications to filter out invalid input or encode special characters, such as encoding all “user-supplied HTML special characters”, thereby preventing these special characters from being interpreted as HTML. However, filtering has also fallen short of detecting various types of injected script code and preventing sensitive information from a user's device from being transmitted to unauthorized Web sites.