ETSSDetector: a tool to automatically detect Cross-Site Scripting vulnerabilities

Cited by: 12
Authors
Rocha, Thiago S. [1]
Souto, Eduardo [1]
Affiliation
[1] Univ Fed Amazonas, Inst Comp, Manaus, Amazonas, Brazil
Source
2014 IEEE 13TH INTERNATIONAL SYMPOSIUM ON NETWORK COMPUTING AND APPLICATIONS (NCA 2014) | 2014
Keywords
Cross-Site Scripting; ETSSDetector; vulnerabilities;
DOI
10.1109/NCA.2014.53
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting (XSS) attacks. In this work, we developed ETSSDetector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSSDetector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results show that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.
Pages: 306-309
Page count: 4