Towards security testing with taint analysis and genetic algorithms

Avancini, Andrea; Ceccato, Mariano

doi:10.1145/1809100.1809110

Cited by 40 publications

(33 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With regards to the PHP web application, Andrea and Mariano [11] recommended a methodology to locate reflected XSS vulnerability without doing away with it. This methodology was further enhanced by Moataz and Fakhreldin www.ijacsa.thesai.org [10] for determining all three kinds of XSS vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

“…This methodology was further enhanced by Moataz and Fakhreldin www.ijacsa.thesai.org [10] for determining all three kinds of XSS vulnerabilities. However, the methodology by Andrea and Mariano [11] intends to locate only reflected XSS vulnerability without putting the genetic mutation operator to its best use. On the other hand, the methodology by Moataz and Fakhreldin [10] further enhanced the one offered by Andrea and Mariano [11] by utilising the database of XSS patterns for revealing the probable XSS vulnerabilities: stored, reflected, and DOMbased XSS.…”

Section: Related Workmentioning

confidence: 99%

“…Although there are several methodologies employed for detecting XSS vulnerability [7,10,11,12,16,17], the threats of XSS continue to persist. Thus, the aim of this paper is to enhance the detection methodologies by eradicating the infeasible paths, thereby reducing the false positive rate of locating XSS vulnerability.…”

Section: Related Workmentioning

confidence: 99%

“…However, it has not been sufficiently exploited for PHP web security testing. GA was espoused by Andrea et al and Moataz et al [10,11]. Notably, the methodology by Andrea and Mariano [11] intends to find out only the reflected XSS vulnerability without utilising the genetic mutation operator to the best of its ability.…”

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

“…Consequently, genetic algorithm ventured into the software testing arena by generating test cases for scrutinising the software security. This kind of algorithm offers solutions to determine XSS vulnerability with a lower false positive rate [3,10,11]. Within the Java web application framework, the genetic algorithm locates the entire XSS vulnerability devoid of any false positive rate in the outcomes [3].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Marashdih¹,

Zaaba²,

Omer³

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Cross site scripting (XSS) is one of the major threats to the web application security, where the research is still underway for an effective and useful way to analyse the source code of web application and removes this threat. XSS occurs by injecting the malicious scripts into web application and it can lead to significant violations at the site or for the user. Several solutions have been recommended for their detection. However, their results do not appear to be effective enough to resolve the issue. This paper recommended a methodology for the detection of XSS from the PHP web application using genetic algorithm (GA) and static analysis. The methodology enhances the earlier approaches of determining XSS vulnerability in the web application by eliminating the infeasible paths from the control flow graph (CFG). This aids in reducing the false positive rate in the outcomes. The results of the experiments indicated that our methodology is more effectual in detecting XSS vulnerability from the PHP web application compared to the earlier studies, in terms of the false positive rates and the concrete susceptible paths determined by GA Generator.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Marashdih¹,

Zaaba²,

Omer³

2017

ijacsa

View full text Add to dashboard Cite

show abstract

A mutation framework for evaluating security analysis tools in IoT applications

Alalfi

Parveen

Nazzal

2021

Software Testing Verif & Rel

View full text Add to dashboard Cite

With the growing and widespread use of Internet of Things (IoT) in our daily life, its security is becoming more crucial. To ensure information security, we require better security analysis tools for IoT applications. Hence, this paper presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications. First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity. Then we developed mutators to automatically generate mutants for those types. We demonstrated the framework on a subset of mutational operators to evaluate three taint-flow analysers, SaINT, Taint-Things and FlowsMiner. Our framework and experiments ranked the taint analysis tools according to precision and recall as follows: Taint-Things (99% recall, 100% precision), FlowsMiner (100% recall, 87.6% precision) and SaINT (100% recall, 56.8% precision). To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications.

show abstract

Detection of DOM-Based XSS Attack on Web Application

Ninawe

Wajgi

2019

Intelligent Communication Technologies and Virtual Mobile Networks

View full text Add to dashboard Cite

Towards security testing with taint analysis and genetic algorithms

Cited by 40 publications

References 15 publications

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

A mutation framework for evaluating security analysis tools in IoT applications

Detection of DOM-Based XSS Attack on Web Application

Contact Info

Product

Resources

About