Sixth IEEE International Workshop on Web Site Evolution (WSE'04)
pp. 71-80
Identifying Cross Site Scripting Vulnerabilities in Web Applications
G. A. Di Lucca, University of Sannio, Italy
A. R. Fasolino, Università di Napoli Federico II, Italy
M. Mastoianni, Seconda Università di Napoli, Italy
P. Tramontana, Università di Napoli Federico II, Italy
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WSE.2004.10013
Abstract
Cross Site Scripting (XSS) is a vulnerability of a
Web application that is essentially caused by the
failure of the application to check user input
before returning it to the client's web browser.
Without adequate validation, user input may
include malicious code that may be sent to other
clients and unexpectedly executed by their browsers,
thus causing a security attack.
Techniques to prevent this type of attack require
that all application input be checked and
filtered, encoded, or validated before it is sent to
any user. In order to discover the XSS vulnerabilities
in a Web application, traditional source code analysis
techniques can be used. In this paper, in order to
assess the XSS vulnerability of a Web application, an
approach that combines static and dynamic analysis
of the Web application is presented. Criteria based on
static analysis have been defined to detect potential
vulnerabilities in the server pages of a Web
application, while a process of dynamic analysis has
been proposed in order to detect actual
vulnerabilities. Some case studies have been carried
out, giving encouraging results.
Additional Information
Citation:
G. A. Di Lucca, A. R. Fasolino, M. Mastoianni, P. Tramontana,
"Identifying Cross Site Scripting Vulnerabilities in Web Applications,"
wse,
pp. 71-80,
Sixth IEEE International Workshop on Web Site Evolution (WSE'04),
2004