Title :
Systematical Vulnerability Detection in Browser Validation Mechanism
Author :
Chufeng, Zeng ; Qingxian, Wang
Author_Institution :
Nat. Data Switching Center, Zhengzhou, China
Abstract :
At present, the complexity of input and unverified assumptions about other components of rich web applications is a problem requiring much more attention. Most client-side applications are designed without full consideration of input validation. These issues can cause a new class of web threats. To deal with the security issues above, we classify and highlight a new class of vulnerabilities, which is described as the browser input validation vulnerability. This class of vulnerability arises from unsafe usage of unauthentic data or scripts. These elements can be inserted in the frame and be executed in the scripting language engine of the browsers to make an assault. To systematically discover the vulnerabilities of this class, in this paper we propose and implement a combination of dynamic analysis and comparison technique. With several vulnerabilities used as test cases, the techniques are light-weight, efficient, and have a low rate of false positives and false negatives.
Keywords :
Internet; online front-ends; security of data; browser validation mechanism; client side applications; dynamic analysis; rich Web applications; security issues; systematical vulnerability detection; unauthentic data; unauthentic scripts; unverified assumptions; Browsers; Engines; Graphical user interfaces; Security; Servers; Testing; Web pages; DOM; Origin; Taint; Validation;
Conference_Title :
Computational Intelligence and Security (CIS), 2011 Seventh International Conference on
Conference_Location :
Hainan
Print_ISBN :
978-1-4577-2008-6
DOI :
10.1109/CIS.2011.188