DocumentCode :
1768101
Title :
A context-sensitive approach for precise detection of cross-site scripting vulnerabilities
Author :
Gupta, M.K. ; Govil, Mahesh Chand ; Singh, Gagan
Author_Institution :
Dept. of Comput. Sc. & Eng., Malviya Nat. Inst. of Tech., Jaipur, India
fYear :
2014
fDate :
9-11 Nov. 2014
Firstpage :
7
Lastpage :
12
Abstract :
Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows a malicious user to steal sensitive information, install malware, and perform various malicious operations. Researchers have proposed various approaches and developed tools to detect XSS vulnerabilities in the source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose an HTML context-sensitive approach, based on taint analysis and defensive programming, for precise detection of XSS vulnerabilities in the source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that the proposed approach is more efficient than existing ones.
Keywords :
Internet; hypermedia markup languages; invasive software; source code (software); Web application; XSS vulnerability; cross-site scripting vulnerability; defensive programming based HTML context-sensitive approach; financial transaction; health services; malicious operation; malicious user; malware; precise detection; sensitive information; social communication; source code; taint analysis; Browsers; Context; HTML; Security; Servers; Software; Standards; Cross-Site Scripting; Software Development Life Cycle; Taint Analysis; Vulnerability Detection; XSS Attacks;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Innovations in Information Technology (INNOVATIONS), 2014 10th International Conference on
Conference_Location :
Al Ain
Print_ISBN :
978-1-4799-7210-4
Type :
conf
DOI :
10.1109/INNOVATIONS.2014.6987553
Filename :
6987553
Link To Document :