Name
Title | ||
|---|---|---|
Xss Peeker: Dissecting The Xss Exploitation Techniques And Fuzzing Mechanisms Of Blackbox Web Application Scanners |
Abstract | ||
|---|---|---|
Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In this paper, we focus on this vulnerability class, and systematically explore 6 black-box scanners to uncover how they detect XSS vulnerabilities, and obtain useful insights to understand their limitations and design better detection methods. A novelty of our workflow is the retrofitting of the testbed so as to accommodate payloads that triggered no vulnerabilities in the initial set. This has the benefit of creating a systematic process to increase the number of test cases, which was not considered by previous testbed-driven approaches. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1007/978-3-319-33630-5_17 | ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, SEC 2016 |
Field | DocType | Volume |
Systematic process,Fuzz testing,Computer security,Computer science,Testbed,Cross-site scripting,Test case,Web application,Workflow,Scripting language | Conference | 471 |
ISSN | Citations | PageRank |
1868-4238 | 1 | 0.35 |
References | Authors | |
2 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Enrico Bazzoli | 1 | 1 | 0.69 |
| Claudio Criscione | 2 | 4 | 0.77 |
| Federico Maggi | 3 | 524 | 37.68 |
| Stefano Zanero | 4 | 736 | 53.78 |