2012 IEEE Fifth International Conference on Software Testing, Verification and Validation 2012
DOI: 10.1109/icst.2012.181
XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing

Abstract: Workshop website: http://www.spacios.eu/sectest2012/ International audience. We present an approach to detect web injection vulnerabilities by generating test inputs using a combination of model inference and evolutionary fuzzing. Model inference is used to obtain a knowledge about the application behavior. Based on this understanding, inputs are generated using genetic algorithm (GA). GA uses the learned formal model to automatically generate inputs with better fitness values towards triggering an instance of th…

Cited by 57 publications (35 citation statements). References 8 publications.

“…In the latter the authors introduce the application of model-based testing and in [24], [25], [26] the authors discuss further applications of fuzz testing to the security domain. In contrast to these previous research articles we focus on models of attack patterns for testing instead of models of the SUT.…”
Section: Related Work (mentioning)
confidence: 99%
“…A novel system for detecting XSS vulnerability was designed based on model inference and evolutionary fuzzing [25].…”
Section: Related Work (mentioning)
confidence: 99%
“…Doing this, you introduce a bias in the efficiency of the attacks. Attacks should be tailored to the injection point to be effective like in Duchene et al approach [22]; otherwise, depending on the injection point, your XSS attack can be rendered useless (while with the same vector, an attacker can succeed). Most of XSS research works focus either on detection of XSS attacks [1], [3], or on finding XSS vulnerabilities [23], [24].…”
Section: Related Work (mentioning)
confidence: 99%
“…Undermining the influence of charset, doctype and browser behavior in an XSS attack can lead to false positives in web application vulnerability scanners. Some testing strategies rely on one instrumented web browser [22], [27] to assess XSS vulnerabilities, thus ignoring vulnerabilities related to XSS vectors bound to a specific web browser. The only exception in this topic is the xenotix XSS testing tool [28] which embeds 3 different browser engines (Trident from IE, Webkit from Chrome/Safari and Gecko from Firefox) to deal with browser-specific XSS vectors.…”
Section: Related Work (mentioning)
confidence: 99%