XSSDM: Towards detection and mitigation of cross-site scripting vulnerabilities in web applications

Title: XSSDM: Towards detection and mitigation of cross-site scripting vulnerabilities in web applications
Publication Type: Conference Paper
Year of Publication: 2015
Authors: Gupta, M. K., Govil, M. C., Singh, G., Sharma, P.
Conference Name: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI)
Date Published: Aug
Keywords: Computer crime, Context, Context Sensitive, context-sensitive approach, Cross-site scripting (XSS), cross-site scripting vulnerability detection, cyber crime, HTML, Internet, Pattern matching, pattern matching technique, program diagnostics, pubcrawl170109, Reactive power, security, security vulnerability, Sensitivity, Servers, source code, source code (software), Standards, static analysis, static taint analysis, Web application, Web Application Security, XSSDM

With the growth of the Internet, web applications are becoming very popular in the user communities. However, the presence of security vulnerabilities in the source code of these applications is rapidly raising the cyber crime rate. It is required to detect and mitigate these vulnerabilities before their exploitation in the execution environment. Recently, the Open Web Application Security Project (OWASP) and Common Vulnerabilities and Exposures (CWE) reported Cross-Site Scripting (XSS) as one of the most serious vulnerabilities in web applications. Though many vulnerability detection approaches have been proposed in the past, existing detection approaches have limitations in terms of false positive and false negative results. This paper proposes a context-sensitive approach based on static taint analysis and pattern matching techniques to detect and mitigate XSS vulnerabilities in the source code of web applications. The proposed approach has been implemented in a prototype tool and evaluated on a public data set of 9408 samples. Experimental results show that the tool based on the proposed approach outperforms existing popular open source tools in the detection of XSS vulnerabilities.

Citation Key: gupta_xssdm:_2015