2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops 2014
DOI: 10.1109/icstw.2014.63

Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: An Urgent Need for Systematic Security Regression Testing

Abstract: One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical study to …

Cited by 7 publications (3 citation statements)
References 18 publications
“…However, these techniques need further validation and research. Abgral et al utilized cross-site scripting attacks [32] to fingerprint HTML parsers in different browsers. This method yields fingerprints that are hard to mislead and difficult to reproduce since they presume a running HTML parser.…”
Section: Overview Of Browser Fingerprint Research (mentioning)
confidence: 99%
“…Another approach was proposed in [45], where Chromium was changed to protect against Flash and Canvas browser fingerprinting, but without influencing the two technologies. Laperdrix et al [46] also offered a Firefox-based upgrade with fingerprint protection against AudioContext, and Mitropoulos et al presented a training technique [47] for known cross-site scripting attacks to gather browser fingerprints [32]. ElBanna and Abdelbaki later created a method to reduce browser fingerprinting [48] for WebGL and Canvas fingerprint monitoring.…”
Section: Overview Of Browser Fingerprint Defense Research (mentioning)
confidence: 99%
“…Using model extraction methods, people mainly study the implementations security such as F* [15], [20], C [9], JAVA [34], [35], Swift [36], and ProScript [37]. Bhargavan et al [20] proposed a model extraction tool called fs2pv which extracts the SPI written by F*.…”
Section: Related Work (mentioning)
confidence: 99%