• DocumentCode
    1904230
  • Title

    A multi-agent scanner to detect stored-XSS vulnerabilities

  • Author

    Galán, E. ; Alcaide, A. ; Orfila, A. ; Blasco, J.

  • Author_Institution
    Univ. Carlos III of Madrid, Leganés, Spain
  • fYear
    2010
  • fDate
    8-11 Nov. 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    The cross-site scripting (XSS) has become a common vulnerability of many web sites and web applications. XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim. One interesting possibility to prevent this type of vulnerability is the use of vulnerability scanners. However, current scanners are capable of detecting just one of the two main modalities of XSS attacks. This paper introduces a novel multi-agent system for the automated scanning of web sites to detect the presence of XSS vulnerabilities exploitable by an stored-XSS attack. The rate of detection of the system is evaluated in two different scenarios.
  • Keywords
    Internet; Web sites; multi-agent systems; security of data; Web application; Web browser; Web sites; automated scanning; cross-site scripting; multi-agent scanner; multiagent system; script code; stored-XSS attack; stored-XSS vulnerability; vulnerability scanner; Browsers; HTML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Technology and Secured Transactions (ICITST), 2010 International Conference for
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-8862-9
  • Electronic_ISBN
    978-0-9564263-6-9
  • Type

    conf

  • Filename
    5678543
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1904230