ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities

Title: ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Rocha, T.S., Souto, E.
Conference Name: Network Computing and Applications (NCA), 2014 IEEE 13th International Symposium on
Date Published: Aug
Keywords: Browsers, cross-site scripting, cross-site scripting vulnerabilities, data mining, Databases, ETSS Detector, ETSSDetector, Filling, interactive systems, interactivity, Internet, Qualifications, security, security of data, Testing, vulnerabilities, Web applications, XSS Attacks
Abstract

The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting (XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results show that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.

DOI: 10.1109/NCA.2014.53
Citation Key: 6924244