DocumentCode :
121060
Title :
ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities
Author :
Rocha, Thiago S. ; Souto, Eduardo
Author_Institution :
Inst. of Comput., Fed. Univ. of Amazonas, Manaus, Brazil
fYear :
2014
fDate :
21-23 Aug. 2014
Firstpage :
306
Lastpage :
309
Abstract :
The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting(XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results shows that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.
Keywords :
Internet; interactive systems; security of data; ETSS Detector; Web applications; XSS attacks; cross-site scripting vulnerabilities; interactivity; Browsers; Data mining; Databases; Filling; Qualifications; Security; Testing; Cross-Site Scripting; ETSSDetector; vulnerabilities;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network Computing and Applications (NCA), 2014 IEEE 13th International Symposium on
Conference_Location :
Cambridge, MA
Print_ISBN :
978-1-4799-5392-9
Type :
conf
DOI :
10.1109/NCA.2014.53
Filename :
6924244
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=121060
بازگشت