We consider the case where a knowledge base consists of interactions among parameter values in an input parameter model for web application security testing. The input model gives rise to attack strings to be used for exploiting XSS vulnerabilities, a critical threat towards the security of web applications. Testing results are then annotated with a vulnerability triggering or non-triggering classification, and such security knowledge findings are added back to the knowledge base, making the resulting attack capabilities superior for newly requested input models. We present our approach as an iterative process that evolves an input model for security testing. Empirical evaluation on six real-world web application shows that the process effectively evolves a knowledge base for XSS vulnerability detection, achieving on average 78.8% accuracy.

(2019). A fault-driven combinatorial process for model evolution in XSS vulnerability detection . Retrieved from http://hdl.handle.net/10446/151156

A fault-driven combinatorial process for model evolution in XSS vulnerability detection

Radavelli, Marco;Gargantini, Angelo;
2019-01-01

Abstract

We consider the case where a knowledge base consists of interactions among parameter values in an input parameter model for web application security testing. The input model gives rise to attack strings to be used for exploiting XSS vulnerabilities, a critical threat towards the security of web applications. Testing results are then annotated with a vulnerability triggering or non-triggering classification, and such security knowledge findings are added back to the knowledge base, making the resulting attack capabilities superior for newly requested input models. We present our approach as an iterative process that evolves an input model for security testing. Empirical evaluation on six real-world web application shows that the process effectively evolves a knowledge base for XSS vulnerability detection, achieving on average 78.8% accuracy.
2019
Garn, Bernhard; Radavelli, Marco; Gargantini, Angelo Michele; Leithner, Manuel; Simos Dimitris, E.
File allegato/i alla scheda:
File Dimensione del file Formato  
xssvulnerabilities_ieaaie19_cameraReady.pdf

Solo gestori di archivio

Versione: postprint - versione referata/accettata senza referaggio
Licenza: Licenza default Aisberg
Dimensione del file 291.08 kB
Formato Adobe PDF
291.08 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/151156
Citazioni
  • Scopus 7
  • ???jsp.display-item.citation.isi??? 6
social impact