A Crawler-Based Vulnerability Detection Method for Cross-Site Scripting Attacks

Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still i...

Full description

Saved in:
Bibliographic Details
Main Authors: Guan, Haocheng, Li, Dongcheng, Li, Hui, Zhao, Man
Format: Conference Proceeding
Language:English
Subjects:
Crawlers
Cross-site scripting
cybersecurity
Detectors
Phishing
Security
Software quality
Software reliability
vulnerability detection
web attacks
web crawler
XSS(cross site scripting)
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool's efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.
ISSN:2693-9371
DOI:10.1109/QRS-C57518.2022.00103