Title | ||
---|---|---|
XSS Peeker: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners |
Abstract | ||
---|---|---|
Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In this paper, we focus on this vulnerability class, and systematically explore 6 black-box scanners to uncover how they detect XSS vulnerabilities, and obtain useful insights to understand their limitations and design better detection methods. A novelty of our workflow is the retrofitting of the testbed so as to accommodate payloads that triggered no vulnerabilities in the initial set. This has the benefit of creating a systematic process to increase the number of test cases, which was not considered by previous testbed-driven approaches. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-319-33630-5_17 | ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, SEC 2016 |
Field | DocType | Volume |
---|---|---|
Systematic process, Fuzz testing, Computer security, Computer science, Testbed, Cross-site scripting, Test case, Web application, Workflow, Scripting language | Conference | 471 |
ISSN | Citations | PageRank |
---|---|---|
1868-4238 | 1 | 0.35 |
References | Authors | |
---|---|---|
2 | 4 | |
Name | Order | Citations | PageRank |
---|---|---|---|
Enrico Bazzoli | 1 | 1 | 0.69 |
Claudio Criscione | 2 | 4 | 0.77 |
Federico Maggi | 3 | 524 | 37.68 |
Stefano Zanero | 4 | 736 | 53.78 |