Visible to the public A Practical Exercise System Using Virtual Machines for Learning Cross-Site Scripting Countermeasures

TitleA Practical Exercise System Using Virtual Machines for Learning Cross-Site Scripting Countermeasures
Publication TypeConference Paper
Year of Publication2020
AuthorsKishimoto, K., Taniguchi, Y., Iguchi, N.
Conference Name2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan)
KeywordsBrowsers, computer science education, Cross Site Scripting, cross-site scripting, Human Behavior, Internet, learning cross-site scripting, online front-ends, practical exercise system, pubcrawl, public domain software, resilience, Resiliency, Scalability, security of data, Software, Tools, virtual machines, Virtual machining, Web applications, Web browser, Web Browser Security, Web pages, Web server, Web servers, XSS Attacks, XSS countermeasures
Abstract

Cross-site scripting (XSS) is an often-occurring major attack that developers should consider when developing web applications. We develop a system that can provide practical exercises for learning how to create web applications that are secure against XSS. Our system utilizes free software and virtual machines, allowing low-cost, safe, and practical exercises. By using two virtual machines as the web server and the attacker host, the learner can conduct exercises demonstrating both XSS countermeasures and XSS attacks. In our system, learners use a web browser to learn and perform exercises related to XSS. Experimental evaluations confirm that the proposed system can support learning of XSS countermeasures.

DOI10.1109/ICCE-Taiwan49838.2020.9258195
Citation Keykishimoto_practical_2020