Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities

Avancini, Andrea; Ceccato, Mariano

doi:10.1016/j.infsof.2013.08.001

Cited by 24 publications

(10 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although there are several methodologies employed for detecting XSS vulnerability [7,10,11,12,16,17], the threats of XSS continue to persist. Thus, the aim of this paper is to enhance the detection methodologies by eradicating the infeasible paths, thereby reducing the false positive rate of locating XSS vulnerability.…”

Section: Related Workmentioning

confidence: 99%

“…GAs work as a client application in which the population evolves toward overall fitness even though individuals perish. GAs follow natural evolution mechanisms (e.g., mutation, crossover, and selection), which evaluate the fittest, to solve problems [17]. The elementary genetic algorithm steps are converted into a pseudocode (Fig.…”

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

See 1 more Smart Citation

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Marashdih¹,

Zaaba²,

Omer³

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Cross site scripting (XSS) is one of the major threats to the web application security, where the research is still underway for an effective and useful way to analyse the source code of web application and removes this threat. XSS occurs by injecting the malicious scripts into web application and it can lead to significant violations at the site or for the user. Several solutions have been recommended for their detection. However, their results do not appear to be effective enough to resolve the issue. This paper recommended a methodology for the detection of XSS from the PHP web application using genetic algorithm (GA) and static analysis. The methodology enhances the earlier approaches of determining XSS vulnerability in the web application by eliminating the infeasible paths from the control flow graph (CFG). This aids in reducing the false positive rate in the outcomes. The results of the experiments indicated that our methodology is more effectual in detecting XSS vulnerability from the PHP web application compared to the earlier studies, in terms of the false positive rates and the concrete susceptible paths determined by GA Generator.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Detection Of Xss Vulnerabilitymentioning

confidence: 99%

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Marashdih¹,

Zaaba²,

Omer³

2017

ijacsa

View full text Add to dashboard Cite

show abstract

“…WB services are more prone to cyber attacks due to their public access. Attacker or hackers sometimes breach this security by changing the original mapping of software, which in some instances causes a great loss [9,11].…”

Section: Introductionmentioning

confidence: 99%

“…enterprise security application programming interface whose purpose is incorporating security into existing and new WBs. Finally, researchers have broad consensus over OWASP top 10 regarding the main critical security vulnerabilities of WBs [3,4,7,8,11,12,13,14,17].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Web application security vulnerabilities detection approaches: A systematic mapping study

Rafique

Humayun

Hamid

et al. 2015

2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distribu

View full text Add to dashboard Cite

Number of security vulnerabilities in web application has grown with the tremendous growth of web application in last two decades. As the domain of Web Applications is maturing, large number of empirical studies has been reported in web applications to address the solution of vulnerable web application. However, before advancing towards finding new approaches of web applications security vulnerability detection, there is a need to analyze and synthesize existing evidence based studies in web applications area. To do this, we have planned to conduct a systematic mapping study to view and report the state-of-the-art of empirical work in existing research of web applications. In this paper, we aimed at providing a description of mapping study for synthesizing the reported empirical research in the area of web applications security vulnerabilities detection approaches. The proposed solutions are mapped against: (1) the software development stages for which the solution has been proposed and (2) the web application vulnerabilities mapping according to OWASP Top 10 security vulnerabilities.To do this, existing literature has been surveyed using a systematic mapping study by phrasing two research questions. In the mapping study, a total of 41 studies dating from 1994 to 2014 were evaluated and mapped against the aforementioned categories.The outcome of this mapping study is current state-of-the-art of empirical research in web application area, strength and weaknesses of existing empirical work, best practices and possible directions for future research.

show abstract

Towards Attention Based Vulnerability Discovery Using Source Code Representation

Kim

Hubczenko

Montague

2019

Artificial Neural Networks and Machine Learning – ICANN 2019: Text and Time Series

View full text Add to dashboard Cite

Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities

Cited by 24 publications

References 20 publications

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Web application security vulnerabilities detection approaches: A systematic mapping study

Towards Attention Based Vulnerability Discovery Using Source Code Representation

Contact Info

Product

Resources

About