Title | Adaptive Random Testing for XSS Vulnerability |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Lv, Chengcheng, Zhang, Long, Zeng, Fanping, Zhang, Jian |
Conference Name | 2019 26th Asia-Pacific Software Engineering Conference (APSEC) |
Keywords | adaptive random testing, ART method, black-box testing tools, Browsers, common vulnerabilities, Cross Site Scripting, cross-site scripting, fuzzing, fuzzing method, headless browser, Human Behavior, Internet, open source vulnerable benchmarks, Payloads, program testing, pubcrawl, public domain software, Resiliency, Scalability, security of data, Subspace constraints, Tools, Web applications, Web sites, XSS testing tool, XSS vulnerability |
Abstract | XSS is one of the common vulnerabilities in web applications. Many black-box testing tools may collect a large number of payloads and traverse them to find a payload that can be successfully injected, but they are not very efficient. And previous research has paid less attention to how to improve the efficiency of black-box testing to detect XSS vulnerability. To improve the efficiency of testing, we develop an XSS testing tool. It collects 6128 payloads and uses a headless browser to detect XSS vulnerability. The tool can discover XSS vulnerability quickly with the ART (Adaptive Random Testing) method. We conduct an experiment using 3 extensively adopted open source vulnerable benchmarks and 2 actual websites to evaluate the ART method. The experimental results indicate that the ART method can effectively improve the fuzzing method by more than 27.1% in reducing the number of attempts before accomplishing a successful injection. |
DOI | 10.1109/APSEC48747.2019.00018 |
Citation Key | lv_adaptive_2019 |