Detecting cross site scripting vulnerabilities introduced by HTML5
| Title | Detecting cross site scripting vulnerabilities introduced by HTML5 |
| Publication Type | Conference Paper |
| Year of Publication | 2014 |
| Authors | Guowei Dong, Yan Zhang, Xin Wang, Peng Wang, Liangkun Liu |
| Conference Name | Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on |
| Date Published | May |
| Keywords | attack surface, cross site scripting vulnerability detection, dynamic detection, dynamic XSS vulnerability detection tool, HTML5, hypermedia markup languages, Internet, security of data, systematic analysis, Web sites, Web standard, Webmail system, XSS attack surface, XSS attack vectors, XSS test vector repository |
| Abstract | Recent years, HTML5 is widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis about new tags and attributes. Based on these vectors, a XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities are found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5. |
| DOI | 10.1109/JCSSE.2014.6841888 |
| Citation Key | 6841888 |
- attack surface
- cross site scripting vulnerability detection
- dynamic detection
- dynamic XSS vulnerability detection tool
- HTML5
- hypermedia markup languages
- internet
- security of data
- systematic analysis
- Web sites
- Web standard
- Webmail system
- XSS attack surface
- XSS attack vectors
- XSS test vector repository