DocumentCode :
163302
Title :
Detecting cross site scripting vulnerabilities introduced by HTML5
Author :
Guowei Dong ; Yan Zhang ; Xin Wang ; Peng Wang ; Liangkun Liu
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
fYear :
2014
fDate :
14-16 May 2014
Firstpage :
319
Lastpage :
323
Abstract :
Recent years, HTML5 is widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis about new tags and attributes. Based on these vectors, a XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities are found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5.
Keywords :
Internet; Web sites; hypermedia markup languages; security of data; HTML5; Web standard; Webmail system; XSS attack surface; XSS attack vectors; XSS test vector repository; cross site scripting vulnerability detection; dynamic XSS vulnerability detection tool; systematic analysis; HTML5; attack surface; dynamic detection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on
Conference_Location :
Chon Buri
Print_ISBN :
978-1-4799-5821-4
Type :
conf
DOI :
10.1109/JCSSE.2014.6841888
Filename :
6841888
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=163302
بازگشت