Large-Scale Detection of DOM-Based XSS Based on Publisher and Subscriber Model

Authors: Trong Kha Nguyen, Seong Oun Hwang

DOI: 10.1109/CSCI.2016.0187

Abstract: Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. XSS is one of the top 10 vulnerabilities on Web applications. While traditional cross-site scripting exploits server-side codes, DOM-based XSS is a type which affects the script being executed in the client's browser. DOM-based XSS vulnerabilities are much harder to be detected than classic XSS because they reside in the script codes from sites. An automated scanner needs to be able to execute the script without errors and monitor this execution to detect such vulnerabilities. In this paper, we introduce a distributed scanning tool for crawling modern Web applications on a large scale and for detecting and validating DOM-based XSS vulnerabilities. Very few scanners can really accomplish this.
