Auto-patching DOM-based XSS at scale

Parameshwaran, Inian; Budianto, Enrico; Shinde, Shweta; Dang, Hung; Sadhu, Atul; Saxena, Prateek

doi:10.1145/2786805.2786821

Cited by 19 publications

(6 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other work, building upon a system for detecting DOM XSS vulnerabilities using browser-agnostic taint tracking [29], provided a method to track taint information and inject an extension that sanitizes injected strings at run time just before those strings are inserted into the sensitive sink functions [28]. The browser-agnostic framework allows detecting vulnerabilities that are specific to certain browsers; however, such vulnerabilities account for a small fraction of all vulnerabilities [29].…”

Section: Finding Dom Xss Vulnerabilities Using Taint Trackingmentioning

confidence: 99%

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting

Melicher

Das

Sharif

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript applications become more widespread, DOM (Document Object Model) XSS vulnerabilities-a type of XSS vulnerability where the vulnerability is located in client-side JavaScript, rather than server-side code-are becoming more common. As the first contribution of this work, we empirically assess the impact of DOM XSS on the web using a browser with taint tracking embedded in the JavaScript engine. Building on the methodology used in a previous study that crawled popular websites, we collect a current dataset of potential DOM XSS vulnerabilities. We improve on the methodology for confirming XSS vulnerabilities, and using this improved methodology, we find 83% more vulnerabilities than previous methodology applied to the same dataset. As a second contribution, we identify the causes of and discuss how to prevent DOM XSS vulnerabilities. One example of our findings is that custom HTML templating designs-a design pattern that could prevent DOM XSS vulnerabilities analogous to parameterized SQL-can be buggy in practice, allowing DOM XSS attacks. As our third contribution, we evaluate the error rates of three static-analysis tools to detect DOM XSS vulnerabilities found with dynamic analysis techniques using in-the-wild examples. We find static-analysis tools to miss 90% of bugs found by our dynamic analysis, though some tools can have very few false positives and at the same time find vulnerabilities not found using the dynamic analysis.

show abstract

Section: Finding Dom Xss Vulnerabilities Using Taint Trackingmentioning

confidence: 99%

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting

Melicher

Das

Sharif

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Similarly to server-side defences, taint-tracking has been applied at the client-side: DexterJS provides a robust, browserindependent platform for auto-patching DOM-based XSS [32,33]. While this approach effectively defends against a large number of attacks automatically, it only covers a subset of possible XSS attack.…”

Section: Related Workmentioning

confidence: 99%

Precise XSS detection and mitigation with Client-side Templates

Pazos,

Legare,

Beschastnikh

et al. 2020

Preprint

View full text Add to dashboard Cite

We present XSnare, a fully client-side Cross-Site Scripting (XSS) solution, implemented as a Firefox extension. Our approach takes advantage of available previous knowledge of a web application's HTML template content, as well as the rich context available in the DOM to block XSS attacks. XSnare prevents XSS exploits by using a database of exploit descriptions, which are written with the help of previously recorded CVEs. CVEs for XSS are widely available and are one of the main ways to tackle zero-day exploits. XSnare effectively singles out potential injection points for exploits in the HTML and sanitizes content to prevent malicious payloads from appearing in the DOM.XSnare can protect application users before application developers release patches and before server operators apply them.We evaluated XSnare on 81 recent CVEs related to XSS attacks, and found that it defends against 94.2% of these exploits. To the best of our knowledge, XSnare is the first protection mechanism for XSS that is application-specific, and based on publicly available CVE information. We show that XSnare's specificity protects users against exploits which evade other, more generic, anti-XSS approaches.Our performance evaluation shows that our extension's overhead on web page loading time is less than 10% for 72.6% of the sites in the Moz Top 500 [1] list. * Dr. Aiello has provided crucial expert advice and insight in the early stages of the project. We miss him dearly.

show abstract

“…Parsing Java Script codes on the client-side can crawl pages in Ajax applications [31]. The crawled XSS vulnerabilities can be automatically repaired [32].Analyzing the source codes of Web applications may find more injection points than the crawling method [12].…”

Section: Key Technologies Of Xss Attack Detection Injection Point Anamentioning

confidence: 99%

Review of XSS Attack and Detection on Web Applications

Zhao¹,

Wang²,

Ding³

2017

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

View full text Add to dashboard Cite

Abstract. Aiming at the difficulties to prevent Web applications to be maliciously injected which are increased by all kinds of dynamic Web technologies applied, concentrate on XSS attack, this paper reviews the research progresses of Web application injection vulnerabilities detection in recent years. It summarizes the classification and causes of the XSS injection security vulnerabilities, analyzes the complexity of security vulnerabilities detection; then proposes the key technologies of the existing detection approached, including analyzing and identifying the injection points, injection detection by software analysis and testing, symbolic execution, taint analysis; finally presents its future development direction.

show abstract

Auto-patching DOM-based XSS at scale

Cited by 19 publications

References 29 publications

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting

Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting

Precise XSS detection and mitigation with Client-side Templates

Review of XSS Attack and Detection on Web Applications

Contact Info

Product

Resources

About