A XSS vulnerability detection approach based on simulating browser behavior - Details

Author：

Liu, Y. (Liu, Y..) | Zhao, W. (Zhao, W..) | Wang, D. (Wang, D..) | Fu, L. (Fu, L..)

Indexed by：

Scopus

Abstract：

This　paper　presents　a　dynamic　detection　method　based　on　simulating　browser　behavior,　and　designs　a　web　crawler　based　on　a　headless　browser,　which　can　interpret　the　JavaScript　code　and　retrieve　Ajax　content　to　find　the　hidden　injection　points　in　pages,　with　full　consideration　of　the　web　pages　containing　complex　scripts　under　Web　2.0　environment.　In　implementation,　this　paper　uses　dynamic　analysis　in　XSS　vulnerability　detection　by　examining　the　runtime　behavior　of　web　application,　and　decide　whether　the　XSS　vulnerability　exists　with　black-box　test.　The　experiment　results　prove　that　this　method　works.　©　2015　IEEE.

Keyword：

Black-box test; Crawler; Simulating Browser; XSS vulnerability

Author Community：

[ 1 ] [Liu, Y.]College of Computer Science, Beijing University of Technology, Beijing, 100124, China
[ 2 ] [Zhao, W.]College of Computer Science, Beijing University of Technology, Beijing, 100124, China
[ 3 ] [Wang, D.]College of Computer Science, Beijing University of Technology, Beijing, 100124, China
[ 4 ] [Fu, L.]College of Computer Science, Beijing University of Technology, Beijing, 100124, China

Reprint Author's Address：

Email：

Show more details

Related Keywords：

Source ：

2015 IEEE 2nd International Conference on InformationScience and Security, ICISS 2015

Year： 2016

Language： English

Cited Count：

WoS CC Cited Count： 0

SCOPUS Cited Count： 6

ESI Highly Cited Papers on the List： 0 Unfold All

WanFang Cited Count：

Chinese Cited Count：

30 Days PV： 7

Affiliated Colleges：

信息科学技术学院本学院/部未明确归属的数据

Get Fulltext

DOI Library Discovery Baidu Scholar Search SCOPUS

Type
Departments

All Years Choose Year From to