A context-sensitive approach for precise detection of cross-site scripting vulnerabilities

Title: A context-sensitive approach for precise detection of cross-site scripting vulnerabilities
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Gupta, M.K., Govil, M.C., Singh, G.
Conference Name: Innovations in Information Technology (INNOVATIONS), 2014 10th International Conference on
Date Published: Nov
Keywords: Browsers, Context, cross-site scripting, cross-site scripting vulnerability, defensive programming based HTML context-sensitive approach, financial transaction, health services, HTML, hypermedia markup languages, Internet, invasive software, malicious operation, malicious user, Malware, precise detection, security, sensitive information, Servers, social communication, Software, software development life cycle, source code, source code (software), Standards, taint analysis, vulnerability detection, Web application, XSS Attacks, XSS vulnerability
Abstract

Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious users to steal sensitive information, install malware, and perform various malicious operations. Researchers have proposed various approaches and developed tools to detect XSS vulnerabilities in the source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose an HTML context-sensitive approach, based on taint analysis and defensive programming, for precise detection of XSS vulnerabilities in the source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that the proposed approach is more efficient than existing ones.

URL: https://ieeexplore.ieee.org/document/6987553/
DOI: 10.1109/INNOVATIONS.2014.6987553
Citation Key: 6987553