Publication Date

Fall 2014

Degree Type

Master's Project

Degree Name

Master of Science (MS)


Computer Science

First Advisor

Thomas Austin

Second Advisor

Mark Stamp

Third Advisor

Chris Tseng


SQL injection XSS Denial of Service Clickjacking web application firewall


Computer security is an ongoing issue and attacks are growing more sophisit- cated. One category of attack utilizes cross-site scripting (XSS) to extract confiden- tial data such as a user’s login credential’s without the knowledge of either the user nor the web server by utilizing vulnerabilities on web pages and internet browsers. Many people develop their own web applications without learning about or having good coding practices or security in mind. Web application firewalls are able to help but can be enhanced to be more effective than they currently are at detecting re- flected XSS attacks by analyzing the request and response data sent between the web application by a user’s browser to more quickly determine if a reflected XSS attack is being attempted. Spartan Web Application Firewall is designed to do this efficiently without being limited to requiring users to be using a specific web browser or web browser plug-in.