A Source Code Cross-site Scripting Vulnerability Detection Method

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the so...

Full description

Saved in:
Bibliographic Details
Published in:KSII transactions on Internet and information systems 2023-06, Vol.17 (6), p.1689-1705
Main Authors: Mu Chen, Lu Chen, Zhipeng Shao, Zaojian Dai, Nige Li, Xingjie Huang, Qian Dang, Xinjian Zhao
Format: Article
Language:Korean
Subjects:
cross-site scripting
Dynamic testing
Static analysis
vulnerability
Vulnerability detection
Webpage attack simulation
XSS
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: “white-box testing” and “black-box testing”. Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network
ISSN:1976-7277
1976-7277