A Source Code Cross-site Scripting Vulnerability Detection Method

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the so...

Bibliographic Details
Published in: KSII transactions on Internet and information systems 2023-06, Vol.17 (6), p.1689-1705
Main Authors: Mu Chen, Lu Chen, Zhipeng Shao, Zaojian Dai, Nige Li, Xingjie Huang, Qian Dang, Xinjian Zhao
Format: Article
Language: Korean
container_end_page 1705
container_issue 6
container_start_page 1689
container_title KSII transactions on Internet and information systems
container_volume 17
creator Mu Chen
Lu Chen
Zhipeng Shao
Zaojian Dai
Nige Li
Xingjie Huang
Qian Dang
Xinjian Zhao
description To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implement the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.
format article
identifier ISSN: 1976-7277
ispartof KSII transactions on Internet and information systems, 2023-06, Vol.17 (6), p.1689-1705
issn 1976-7277
language kor
recordid cdi_kisti_ndsl_JAKO202321337600340
source EZB Electronic Journals Library
subjects cross-site scripting
Dynamic testing
Static analysis
vulnerability
Vulnerability detection
Webpage attack simulation
XSS
title A Source Code Cross-site Scripting Vulnerability Detection Method