• DocumentCode
    121060
  • Title

    ETSSDetector: A Tool to Automatically Detect Cross-Site Scripting Vulnerabilities

  • Author

    Rocha, Thiago S. ; Souto, Eduardo

  • Author_Institution
    Inst. of Comput., Fed. Univ. of Amazonas, Manaus, Brazil
  • fYear
    2014
  • fDate
    21-23 Aug. 2014
  • Firstpage
    306
  • Lastpage
    309
  • Abstract
    The inappropriate use of features intended to improve usability and interactivity of web applications has resulted in the emergence of various threats, including Cross-Site Scripting (XSS) attacks. In this work, we developed ETSS Detector, a generic and modular web vulnerability scanner that automatically analyzes web applications to find XSS vulnerabilities. ETSS Detector is able to identify and analyze all data entry points of the application and generate specific code injection tests for each one. The results show that the correct filling of the input fields with only valid information ensures a better effectiveness of the tests, increasing the detection rate of XSS attacks.
  • Keywords
    Internet; interactive systems; security of data; ETSS Detector; Web applications; XSS attacks; cross-site scripting vulnerabilities; interactivity; Browsers; Data mining; Databases; Filling; Qualifications; Security; Testing; Cross-Site Scripting; ETSSDetector; vulnerabilities;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Computing and Applications (NCA), 2014 IEEE 13th International Symposium on
  • Conference_Location
    Cambridge, MA
  • Print_ISBN
    978-1-4799-5392-9
  • Type

    conf

  • DOI
    10.1109/NCA.2014.53
  • Filename
    6924244