Detecting Cross-Site Scripting Vulnerabilities through Automated Unit Testing

Mohammadi, Mahmoud; Chu, Bill; Lipford, Heather Richter

doi:10.1109/qrs.2017.46

Cited by 29 publications

(21 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research that has the most impact and uses advanced technology and is needed is OWASP so we use this research [6] [8] [19] [27]. Shepherd offers technology and support that is not inferior.…”

Section: Resultsmentioning

confidence: 99%

“…The by-product of this competitive game is the learned ability to harden the player's world from OWASP's top ten security threats. The modules have been developed to not only challenge security novices, but also security professionals [2] [6].…”

Section: Literature Reviewmentioning

confidence: 99%

“…Cross Site Scripting (XSS) attacks [3][4][5][6] are the most common vulnerabilities found in web applications. The injection occurs at the client-side by embedding a file.…”

Section: Cross Site Scripting (Xss)mentioning

confidence: 99%

See 2 more Smart Citations

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Wibowo

Sulaksono

2021

Indonesian J. of Inf. Syst.

View full text Add to dashboard Cite

Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world around 4.54 billion with 59% penetration. People become very dependent on the internet and also technology. This condition was also triggered due to the Covid-19 pandemic.One thing that becomes an issue on website application security is internet attacks on website platforms and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of Top 10 Open Web Application Security Projects (OWASP) lists.There are several alternatives that we can use to prevent cyber-attack. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Wibowo

Sulaksono

2021

Indonesian J. of Inf. Syst.

View full text Add to dashboard Cite

show abstract

“…Mohammadi, Chu, and Lipford [13] developed a unit testing method to find XSS vulnerable in Web applications with improper encodings. They generated XSS attack vectors by using a grammar model, and they stated that their proposed technique is better than black-box fuzzing methods.…”

Section: Literature Workmentioning

confidence: 99%

Cross-site Scripting Research: A Review

Nagarjun¹,

Shakeel²

2020

IJACSA

View full text Add to dashboard Cite

Cross-site scripting is one of the severe problems in Web Applications. With more connected devices which uses different Web Applications for every job, the risk of XSS attacks is increasing. In Web applications, hacker steals victims session details or other important information by exploiting XSS vulnerabilities. We studied 412 research papers on cross-site scripting, which are published in between 2002 to 2019. Most of the existing XSS prevention methods are Dynamic analysis, Static analysis, Proxy based method, Filter based method etc. We categorized existing methods and discussed solutions presented on papers and discussed impact of XSS attacks, different defensive methods and research trends in XSS attacks.

show abstract

“…In terms of cross-site scripting vulnerability discovery, the research on XSS vulnerability discovery focuses on how to generate XSS attack vectors. Due to improper data encoding, Mohammadi M [11] proposed a grammar-based attack generator that automatically generates an XSS test case to evaluate cross-site scripting vulnerabilities in the target page. Duchene F et al [12] proposed a black-box fuzzy tester based on the genetic algorithm to generate malicious input detection XSS automatically, which was named KameleonFuzz.…”

Section: Related Workmentioning

confidence: 99%

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Fang

Huang

et al. 2019

Future Internet

View full text Add to dashboard Cite

With the development of artificial intelligence, machine learning algorithms and deep learning algorithms are widely applied to attack detection models. Adversarial attacks against artificial intelligence models become inevitable problems when there is a lack of research on the cross-site scripting (XSS) attack detection model for defense against attacks. It is extremely important to design a method that can effectively improve the detection model against attack. In this paper, we present a method based on reinforcement learning (called RLXSS), which aims to optimize the XSS detection model to defend against adversarial attacks. First, the adversarial samples of the detection model are mined by the adversarial attack model based on reinforcement learning. Secondly, the detection model and the adversarial model are alternately trained. After each round, the newly-excavated adversarial samples are marked as a malicious sample and are used to retrain the detection model. Experimental results show that the proposed RLXSS model can successfully mine adversarial samples that escape black-box and white-box detection and retain aggressive features. What is more, by alternately training the detection model and the confrontation attack model, the escape rate of the detection model is continuously reduced, which indicates that the model can improve the ability of the detection model to defend against attacks.

show abstract

Detecting Cross-Site Scripting Vulnerabilities through Automated Unit Testing

Cited by 29 publications

References 36 publications

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

Cross-site Scripting Research: A Review

RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning

Contact Info

Product

Resources

About