Systematical Vulnerability Detection in Browser Validation Mechanism

At present, the complexity of input and unverified assumptions about other components of the rich web applications is a problem requesting much more attention. Most client-side applications are designed without the full consideration of input validation. These issues can cause a new class of web threats. To deal with the security issues above, we classify and highlight a new class of vulnerabilities which is described as the browser input validation vulnerability. This class of vulnerability arises from unsafe usage of unauthentic data or scripts. These elements can be inserted in the frame and be executed in the scripting language engine of the browsers to make an assault. To systematically discover the vulnerabilities of this class, in this paper, we propose and implement one combination of dynamic analysis and comparison technique. By using several vulnerabilities as testing cases, the techniques are light-weight, efficient, and have low rate of false positive and false negative.