XSS PEEKER: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners

机译：XSS PEEKER：剖析Blackbox Web应用程序扫描程序的XSS开发技术和模糊机制

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In this paper, we focus on this vulnerability class, and systematically explore 6 black-box scanners to uncover how they detect XSS vulnerabilities, and obtain useful insights to understand their limitations and design better detection methods. A novelty of our workflow is the retrofitting of the testbed so as to accommodate payloads that triggered no vulnerabilities in the initial set. This has the benefit of creating a systematic process to increase the number of test cases, which was not considered by previous testbed-driven approaches.

机译：黑盒漏洞扫描程序可能会漏掉一部分不可忽略的漏洞。即使对于跨站点脚本（XSS）漏洞（相对较容易发现）也是如此。在本文中，我们将重点放在此漏洞类别上，并系统地探索6个黑盒扫描程序，以发现它们如何检测XSS漏洞，并获得有用的见解以了解其局限性并设计更好的检测方法。我们工作流程的新颖之处在于，对测试平台进行了改造，以适应有效载荷，该载荷不会在初始设置中触发任何漏洞。这样做的好处是可以创建一个系统的过程来增加测试用例的数量，而以前的测试平台驱动的方法并未考虑到这一点。

著录项

来源
《IFIP TC 11 International conference on information security and privacy》|2016年|243-258|共16页
会议地点
作者
Enrico Bazzoli; Claudio Criscione; Federico Maggi; Stefano Zanero;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. XSS-secure as a service for the platforms of online social network-based multimedia web applications in cloud [J] . Gupta Shashank, Gupta B. B. Multimedia Tools and Applications . 2018,第4期

机译：XSS-secure作为云中基于在线社交网络的多媒体Web应用程序平台的服务
2. Efficient yet Robust Elimination of XSS Attack Vectors from HTML5 Web Applications Hosted on OSN-Based Cloud Platforms [J] . Gurpreet Kaur, Bhavika Pande, Aayushi Bhardwaj, Procedia Computer Science . 2018,第5期

机译：从基于OSN的云平台上托管的HTML5 Web应用程序的高效且强大的消除XSS攻击向量
3. CSSXC: Context-sensitive Sanitization Framework for Web Applications against XSS Vulnerabilities in Cloud Environments [J] . Shashank Gupta, B.B. Gupta Procedia Computer Science . 2016,第1期

机译：CSSXC：针对云环境中的XSS漏洞的Web应用程序上下文相关的消毒框架
4. XSS PEEKER: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners [C] . Enrico Bazzoli, Claudio Criscione, Federico Maggi, IFIP TC 11 International conference on information security and privacy . 2016

机译：XSS Peeker：解剖XSS开发技术和Blackbox Web应用程序扫描仪的模糊机制
5. Evaluation of Training Methods That Prepare Software Programmers to Mitigate Web Application Cross-Site Scripting (XSS) Vulnerabilities for Software Vendors of Commercial Banks [D] . Oladele, Adekunle 2019

机译：对培训方法的评估，这些培训方法使软件程序员能够缓解商业银行软件供应商的Web应用程序跨站点脚本（XSS）漏洞
6. Regime shifts in exploited marine food webs: detecting mechanisms underlying alternative stable states using size-structured community dynamics theory [O] . Anna Gårdmark, Michele Casini, Magnus Huss, 2015

机译：海洋生物开发网中的制度转移：利用规模结构的社区动力学理论检测替代稳定状态的机制
7. XSS PEEKER: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners [O] . Enrico Bazzoli, Claudio Criscione, Federico Maggi, 2016

机译：XSS Peeker：解剖XSS开发技术和Blackbox Web应用程序扫描仪的模糊机制

XSS PEEKER: Dissecting the XSS Exploitation Techniques and Fuzzing Mechanisms of Blackbox Web Application Scanners

摘要

著录项

相似文献

相关主题

期刊订阅