Detecting Cross-Site Scripting Vulnerability using Concolic Testing

Cross-Site Scripting (XSS) attack is a type of Web-based attack wherein a malicious script is executed (from an immediate injection or from a stored source) to steal information or gain unauthorized access to user/system resources. We propose a two-phase technique to detect XSS vulnerabilities and prevent XSS attacks. In the first phase, we translate the Web application to a language for which recently developed concolic testing tools are available. Our translation also identifies input and output variables that are used to generate test cases for determining input/output dependencies in the application. Dependencies indicate vulnerabilities in the application that can be potentially exploited when the application is deployed. In the second phase, based on the input/output dependencies determined in the first phase, we appropriately (automatically) instrument the application code by including monitors. The monitors check exploitation of vulnerabilities at runtime. In addition to being both as efficient and effective as the available XSS attack detection techniques, our two-phase method is also capable of identifying XSS vulnerabilities that occur due to (a) conditional copy (of inputs to outputs) and (b) construction of malicious string inputs from the concatenation of singularly benign inputs. We present a prototype implementation of our framework and demonstrate its effectiveness using non-trivial JSP Web applications.