• DocumentCode
    163302
  • Title

    Detecting cross site scripting vulnerabilities introduced by HTML5

  • Author

    Guowei Dong ; Yan Zhang ; Xin Wang ; Peng Wang ; Liangkun Liu

  • Author_Institution
    China Inf. Technol. Security Evaluation Center, Beijing, China
  • fYear
    2014
  • fDate
    14-16 May 2014
  • Firstpage
    319
  • Lastpage
    323
  • Abstract
    Recent years, HTML5 is widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis about new tags and attributes. Based on these vectors, a XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities are found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5.
  • Keywords
    Internet; Web sites; hypermedia markup languages; security of data; HTML5; Web standard; Webmail system; XSS attack surface; XSS attack vectors; XSS test vector repository; cross site scripting vulnerability detection; dynamic XSS vulnerability detection tool; systematic analysis; HTML5; attack surface; dynamic detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on
  • Conference_Location
    Chon Buri
  • Print_ISBN
    978-1-4799-5821-4
  • Type

    conf

  • DOI
    10.1109/JCSSE.2014.6841888
  • Filename
    6841888
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=163302