ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Drakonakis, Kostas; Ioannidis, Sotiris; Polakis, Jason

doi:10.14722/ndss.2023.24169

Cited by 3 publications

(8 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The experiment described below was conducted to verify the validity of our similarity analysis method and identify the ideal weight distribution and threshold for our web page similarity analysis method. Inspired by the study of Kostas et al [17], we built the test data set using posts in WordPress. In total, we prepared the following three data sets, two of which consisted of pages we manually compiled:…”

Section: Similarity Analysis Capabilitiesmentioning

confidence: 99%

“…Consequently, this paper abstained from conducting an experimental comparison of this method type. We compared the similarity analysis method proposed in this paper with state-of-the-art similarity analysis methods, including NDD (Normalized DOM-edit Distance) and mNDD [17].…”

Section: Javascriptmentioning

confidence: 99%

“…It then establishes the difference between two trees by computing the edit distance. The mNDD method, a variant of NDD, was proposed by Kostas et al [17]. In the process of constructing corresponding trees from the DOMs of pages, mNDD recursively discards leaf nodes devoid of functionality (e.g., tags for line breaks, paragraphs, spans, divs, or font formatting) while preserving nodes associated with functionality (e.g., scripts, forms, iframes, buttons, and inputs).…”

Section: Javascriptmentioning

confidence: 99%

“…In this context, a smaller edit distance between two page states implies a higher degree of similarity between them. We obtained the NDD and mNDD algorithms from the open-source projects of Vissers et al [16] and Kostas et al [17] for the experimental evaluation.…”

Section: Javascriptmentioning

confidence: 99%

“…We conduct extensive experiments to verify the effectiveness of APIMiner by comparing it with state-of-the-art methods such as NDD [16] and mNDD [17]. The experimental results demonstrate that our method surpasses existing state-of-the-art methods in accurately and finely distinguishing between similar and dissimilar pages.…”

Section: Introductionmentioning

confidence: 96%

See 4 more Smart Citations

APIMiner: Identifying Web Application APIs Based on Web Page States Similarity Analysis

Chen,

Lu,

Pan

et al. 2024

Electronics

View full text Add to dashboard Cite

Modern web applications offer various APIs for data interaction. However, as the number of these APIs increases, so does the potential for security threats. Essentially, more APIs in an application can lead to more detectable vulnerabilities. Thus, it is crucial to identify APIs as comprehensively as possible in web applications. However, this task faces challenges due to the increasing complexity of web development techniques and the abundance of similar web pages. In this paper, we propose APIMiner, a framework for identifying APIs in web applications by dynamically traversing web pages based on web page state similarity analysis. APIMiner first builds a web page model based on the HTML elements of the current web page. APIMiner then uses this model to represent the state of the page. Then, APIMiner evaluates each element’s similarity in the page model and determines the page state similarity based on these similarity values. From the different states of the page, APIMiner extracts the data interaction APIs on the page. We conduct extensive experiments to evaluate APIMiner’s effectiveness. In the similarity analysis, our method surpasses state-of-the-art methods like NDD and mNDD in accurately distinguishing similar pages. We compare APIMiner with state-of-the-art tools (e.g., Enemy of the State, Crawlergo, and Wapiti3) for API identification. APIMiner excels in the number of identified APIs (average 1136) and code coverage (average 28,470). Relative to these tools, on average, APIMiner identifies 7.96 times more APIs and increases code coverage by 142.72%.

show abstract

Section: Similarity Analysis Capabilitiesmentioning

confidence: 99%

Section: Javascriptmentioning

confidence: 99%

Section: Javascriptmentioning

confidence: 99%

Section: Javascriptmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

See 3 more Smart Citations

APIMiner: Identifying Web Application APIs Based on Web Page States Similarity Analysis

Chen,

Lu,

Pan

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications

Shi,

Zhang,

Bai

et al. 2024

Proceedings of the ACM Web Conference 2024

View full text Add to dashboard Cite

State-Sensitive Black-Box Web Application Scanning for Cross-Site Scripting Vulnerability Detection

Zhang

Huang

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

Black-box web application scanning has been a popular technique to detect Cross-Site Scripting (XSS) vulnerabilities without prior knowledge of the application. However, several limitations lead to low efficiency of current black-box scanners, including (1) the scanners waste time by repetitively visiting similar states, such as similar HTML forms of two different products, and (2) using a First-In-First-Out (FIFO) fuzzing order for the collected forms has led to low efficiency in detecting XSS vulnerabilities, as different forms have different potential possibilities of XSS vulnerability. In this paper, we present a state-sensitive black-box web application scanning method, including a filtering method for excluding similar states and a heuristic ranking method for optimizing the fuzzing order of forms. The filtering method excludes similar states by comparing readily available characteristic information that does not require visiting the states. The ranking method sorts forms based on the number of injection points since it is commonly observed that forms with a greater number of injection points have a higher probability of containing XSS vulnerabilities. To demonstrate the effectiveness of our scanning method, we implement it in our black-box web scanner and conduct experimental evaluations on eight real-world web applications within a limited scanning time. Experimental results demonstrate that the filtering method improves the code coverage about 17% on average and the ranking method helps detect 53 more XSS vulnerabilities. The combination of the filtering and ranking methods helps detect 81 more XSS vulnerabilities.

show abstract

ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Cited by 3 publications

References 38 publications

APIMiner: Identifying Web Application APIs Based on Web Page States Similarity Analysis

APIMiner: Identifying Web Application APIs Based on Web Page States Similarity Analysis

RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications

State-Sensitive Black-Box Web Application Scanning for Cross-Site Scripting Vulnerability Detection

Contact Info

Product

Resources

About