Virtual running of vehicle trajectories for automatic map generation

Park, Jinkwan; Kim, Tae-Yong; Park, Bokuk; Cho, Hwan-Gue

doi:10.1145/2851613.2851712

Cited by 2 publications

(1 citation statement)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Web application scanning has received considerable attention from the research community through the years, as both blackbox [25], [31], [19], [49], [22], [55], [54] and white-or grey-box [28], [14], [26], [30], [37], [60], [52], [29], [53], [45] techniques have been proposed and thoroughly evaluated. Moreover, several studies have carried out extensive comparisons between black-box vulnerability scanners [15], [20], [61], [58], [46], collectively agreeing that such tools suffer from certain core limitations, such as detecting and correctly modelling all injection points, replaying the necessary steps to perform an injection, or their inadequacy on persisting the authentication state.…”

Section: Related Workmentioning

confidence: 99%

ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Drakonakis¹,

Ioannidis²,

Polakis³

2023

Proceedings 2023 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Black-box web vulnerability scanners are invaluable for security researchers and practitioners. Despite recent approaches tackling some of the inherent limitations of scanners, many have not sufficiently evolved alongside web browsers and applications, and often lack the capabilities for handling the inherent challenges of navigating and interacting with modern web applications. Instead of building an alternative scanner that could naturally only incorporate a limited set of the wide range of vulnerability-finding capabilities offered by the multitude of existing scanners, in this paper we propose an entirely different strategy. We present ReScan, a scanner-agnostic middleware framework that transparently enhances scanners' capabilities by mediating their interaction with web applications in a realistic and robust manner, using an orchestrated, fully-fledged modern browser. In essence, our framework can be used in conjunction with any vulnerability scanner, thus allowing users to benefit from the capabilities of existing and future scanners. Our extensible and modular framework includes a collection of enhancement techniques that address limitations and obstacles commonly faced by state-ofthe-art scanners. Our experimental evaluation demonstrates that despite the considerable (and expected) overhead introduced by a fully-fledged browser, our framework significantly improves the code coverage achieved by popular scanners (168% on average), resulting in a 66% and 161% increase in the number of reflected and stored XSS vulnerabilities detected, respectively.

show abstract