Abstract:
Nearly every Web application faces the threat of code injection, such as XSS (cross-site scripting) and SQL injection. The flaw occurs when a Web application takes data originating from a user without validating or encoding it, so that malicious input runs as part of a database query or as script in the response page, destroying data integrity or leaking user privacy. To counter this trend, we present a literal tainting method for Web applications and argue that it is an efficient and easy-to-deploy solution for preventing such attacks. The approach hardens the server-side script with a customizable security filtering policy to prevent code injection attacks. Although the Web application must be instrumented, we show that the process is fully automated and sound, so the approach is practical even for large Web applications. In preliminary experiments on several real-world PHP applications with PHPHard, a prototype tool implementing the technique, we find that literal tainting prevents XSS by removing the injected script code. Compared with traditional taint propagation methods, it shows advantages in both precision and effectiveness while incurring only acceptable overhead.
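As an added illustration (not code from the paper, and not PHPHard's instrumentation, which the abstract does not show), the following Python model captures the idea behind literal tainting: string literals written in the script are trusted, request data is untrusted, taint is tracked per character across concatenation, and each sink applies a policy to the untrusted characters it receives. The HTML sink here entity-encodes untrusted metacharacters rather than removing the injected script, and the SQL sink rejects a query whenever untrusted characters form anything other than the body of a string literal delimited by trusted quotes, a whole numeric literal, or whitespace. The class and function names (TStr, render_html, check_sql, sql_is_safe) and the sample requests are constructed for this example.

```python
"""Literal tainting, modelled in Python (illustration only; not PHPHard code).
Literals typed in the script are trusted; request data is untrusted; taint is
tracked per character through concatenation and checked at the sinks."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TStr:
    """A string plus a per-character taint mask (True = came from the user)."""
    value: str
    taint: tuple

    @classmethod
    def literal(cls, s):
        """A string literal written in the script: fully trusted."""
        return cls(s, (False,) * len(s))

    @classmethod
    def untrusted(cls, s):
        """Data originating from the request (GET/POST/cookie): fully tainted."""
        return cls(s, (True,) * len(s))

    def __add__(self, other):
        """Concatenation keeps each character's taint at its new position."""
        return TStr(self.value + other.value, self.taint + other.taint)


_HTML_META = {"<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;", "'": "&#x27;"}


def render_html(t):
    """HTML sink policy: trusted markup is emitted as written; untrusted
    metacharacters are entity-encoded, so injected tags and attribute
    break-outs become inert text while the page's own HTML is untouched."""
    return "".join(_HTML_META.get(c, c) if tainted else c
                   for c, tainted in zip(t.value, t.taint))


class InjectionError(ValueError):
    """Raised when untrusted characters would change the SQL structure."""


# Coarse SQL tokenizer: quoted string ('' is an escaped quote), number,
# identifier/keyword, whitespace, or a single punctuation/operator character.
_SQL_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|[A-Za-z_]\w*|\s+|.", re.S)


def check_sql(t):
    """SQL sink policy: untrusted characters may only be the body of a string
    literal whose delimiting quotes are trusted, a complete numeric literal,
    or whitespace. Keywords, identifiers, operators and quote characters must
    all come from script literals. Returns the query text if it passes."""
    for m in _SQL_TOKEN.finditer(t.value):
        tok, taint = m.group(), t.taint[m.start():m.end()]
        if not any(taint) or tok.isspace():
            continue
        if len(tok) >= 2 and tok[0] == "'" and tok[-1] == "'":
            if taint[0] or taint[-1]:
                raise InjectionError(f"untrusted quote delimits {tok!r}")
            continue                      # user data inside a trusted literal
        if tok[0].isdigit():
            continue                      # whole numeric literal from the user
        raise InjectionError(f"untrusted SQL token {tok!r}")
    return t.value


def sql_is_safe(t):
    """Convenience wrapper: True if check_sql accepts the query."""
    try:
        check_sql(t)
        return True
    except InjectionError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: one benign, two malicious.
    page = (TStr.literal("<p>Hello, ")
            + TStr.untrusted("<script>alert(1)</script>")
            + TStr.literal("</p>"))
    print(render_html(page))  # <p>Hello, &lt;script&gt;alert(1)&lt;/script&gt;</p>
    q = TStr.literal("SELECT * FROM users WHERE name = '")
    print(sql_is_safe(q + TStr.untrusted("alice") + TStr.literal("'")))        # True
    print(sql_is_safe(q + TStr.untrusted("' OR '1'='1") + TStr.literal("'")))  # False
```

The point the model makes is the one the abstract draws: because trust is attached to the script's literals rather than inferred by propagating taint from sources, a sink can tell structural characters written by the developer apart from identical characters supplied by the user, so trusted HTML and SQL keywords pass untouched while an injected `<script>` tag or `' OR '1'='1` is neutralized or rejected. A real deployment would also have to track taint through substring, case-conversion and other string functions, which this model omits.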