Detecting Cross-Site Scripting Vulnerability Using Concolic Testing

Ruse, Michelle; Basu, Samik

doi:10.1109/itng.2013.97

Cited by 14 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method [66], according to the researchers, is intended for JSP-based web-related applications and is a jCute concolic testing. They employ static analysis and real-time monitoring.…”

Section: Conflicts Of Interestmentioning

confidence: 99%

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Weamie¹

2022

IJCNS

View full text Add to dashboard Cite

The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers' defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.

show abstract

“…This method [66], according to the researchers, is intended for JSP-based web-related applications and is a jCute concolic testing. They employ static analysis and real-time monitoring.…”

Section: Conflicts Of Interestmentioning

confidence: 99%

Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey

Weamie¹

2022

IJCNS

View full text Add to dashboard Cite

show abstract

“…• Verify Constraint or Pattern (VCP) without using models. This category of WAVD methods [9,23,54,55,57,59,62,67,72,75,82,83,91,94,105,109,110,115,118,119,121,126,130,151,152] begins by identifying constraints, patterns, or policies related to a specific vulnerability from source code, execution trace, or user inputs and then checks or monitors violations of the constraints to detect vulnerabilities or attacks. Unlike VCPM, the VCP approaches do not generate and use models in the process of constraint and pattern verification.…”

Section: The Classifications Of Wavd Approachesmentioning

confidence: 99%

Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

et al. 2021

View full text Add to dashboard Cite

Most existing surveys and reviews on web application vulnerability detection (WAVD) approaches focus on comparing and summarizing the approaches’ technical details. Although some studies have analyzed the efficiency and effectiveness of specific methods, there is a lack of a comprehensive and systematic analysis of the efficiency and effectiveness of various WAVD approaches. We conducted a systematic literature review (SLR) of WAVD approaches and analyzed their efficiency and effectiveness. We identified 105 primary studies out of 775 WAVD articles published between January 2008 and June 2019. Our study identified 10 categories of artifacts analyzed by the WAVD approaches and 8 categories of WAVD meta-approaches for analyzing the artifacts. Our study’s results also summarized and compared the effectiveness and efficiency of different WAVD approaches on detecting specific categories of web application vulnerabilities and which web applications and test suites are used to evaluate the WAVD approaches. To our knowledge, this is the first SLR that focuses on summarizing the effectiveness and efficiencies of WAVD approaches. Our study results can help security engineers choose and compare WAVD tools and help researchers identify research gaps.

show abstract

“…Results comparison from BRC6 of I1 iterations with previous method [22] Figure 3 Results comparison from BRC6 of I2 iterations with previous method [22] Figure 4 Results comparison from BRC6 of I3 iterations with previous method [22]…”

Section: Figurementioning

confidence: 99%