A Dynamic Detection Technique for XSS Vulnerabilities

Title: A Dynamic Detection Technique for XSS Vulnerabilities
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Hou, Xin-Yu; Zhao, Xiao-Lin; Wu, Mei-Jing; Ma, Rui; Chen, Yu-Peng
Conference Name: 2018 4th Annual International Conference on Network and Information Systems for Computers (ICNISC)
Keywords: attacks simulation, black box vulnerabilities detection, black-box testing, crawler module, Crawlers, Cross Site Scripting, cross-site scripting, cross-site scripting attack, cross-site scripting(XSS), detection tool, dynamic detection, dynamic detection process, feature extraction, Human Behavior, Internet, Linux, pubcrawl, python, Python language, resilience, Scalability, security of data, Servers, simulated attack, Testing, Tools, Uniform resource locators, Web applications, XSS vulnerabilities
Abstract

This paper studies the principle of vulnerability generation and mechanism of cross-site scripting attack, designs a dynamic cross-site scripting vulnerabilities detection technique based on existing theories of black box vulnerabilities detection. The dynamic detection process contains five steps: crawler, feature construct, attacks simulation, results detection and report generation. Crawling strategy in crawler module and constructing algorithm in feature construct module are key points of this detection process. Finally, according to the detection technique proposed in this paper, a detection tool is accomplished in Linux using python language to detect web applications. Experiments were launched to verify the results and compare with the test results of other existing tools, analyze the usability, advantages and disadvantages of the detection method above, confirm the feasibility of applying dynamic detection technique to cross-site scripting vulnerabilities detection.

DOI: 10.1109/ICNISC.2018.00016
Citation Key: hou_dynamic_2018