A context-sensitive approach for precise detection of cross-site scripting vulnerabilities
Title | A context-sensitive approach for precise detection of cross-site scripting vulnerabilities |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Gupta, M.K., Govil, M.C., Singh, G. |
Conference Name | Innovations in Information Technology (INNOVATIONS), 2014 10th International Conference on |
Date Published | Nov |
Keywords | Browsers, Context, cross-site scripting, cross-site scripting vulnerability, defensive programming based HTML context-sensitive approach, financial transaction, health services, HTML, hypermedia markup languages, Internet, invasive software, malicious operation, malicious user, Malware, precise detection, security, sensitive information, Servers, social communication, Software, software development life cycle, source code, source code (software), Standards, taint analysis, vulnerability detection, Web application, XSS Attacks, XSS vulnerability |
Abstract | Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious user to steals sensitive information, install malware, and performs various malicious operations. Researchers proposed various approaches and developed tools to detect XSS vulnerability from source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose a taint analysis and defensive programming based HTML context-sensitive approach for precise detection of XSS vulnerability from source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that proposed approach is more efficient than existing ones. |
URL | https://ieeexplore.ieee.org/document/6987553/ |
DOI | 10.1109/INNOVATIONS.2014.6987553 |
Citation Key | 6987553 |
- precise detection
- XSS vulnerability
- XSS attacks
- Web application
- vulnerability detection
- taint analysis
- standards
- source code (software)
- source code
- software development life cycle
- Software
- social communication
- Servers
- sensitive information
- security
- Browsers
- malware
- malicious user
- malicious operation
- invasive software
- internet
- hypermedia markup languages
- HTML
- health services
- financial transaction
- defensive programming based HTML context-sensitive approach
- cross-site scripting vulnerability
- cross-site scripting
- Context