State-Sensitive Black-Box Web Application Scanning for Cross-Site Scripting Vulnerability Detection
Published: 2023-08-13
Volume: 13
Issue: 16
Page (article number): 9212
ISSN: 2076-3417
Container-title: Applied Sciences
Short-container-title: Applied Sciences
Language: en
Author:
Zhang Tianxiang (1,2), Huang Hui (1,2; ORCID), Lu Yuliang (1,2), Zhu Kailong (1,2), Zhao Jiazhen (1,2)
Affiliation:
1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
2. Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China
Abstract
Black-box web application scanning is a popular technique for detecting Cross-Site Scripting (XSS) vulnerabilities without prior knowledge of the application. However, several limitations lower the efficiency of current black-box scanners: (1) the scanners waste time by repeatedly visiting similar states, such as the near-identical HTML forms of two different products, and (2) fuzzing the collected forms in First-In-First-Out (FIFO) order is inefficient, since different forms have different likelihoods of containing an XSS vulnerability. In this paper, we present a state-sensitive black-box web application scanning method consisting of a filtering method that excludes similar states and a heuristic ranking method that optimizes the fuzzing order of forms. The filtering method excludes similar states by comparing readily available characteristic information, so that the states themselves do not have to be visited. The ranking method sorts forms by their number of injection points, since forms with more injection points are commonly observed to have a higher probability of containing XSS vulnerabilities. To demonstrate the effectiveness of our scanning method, we implement it in our black-box web scanner and evaluate it on eight real-world web applications within a limited scanning time. Experimental results show that the filtering method improves code coverage by about 17% on average and that the ranking method detects 53 more XSS vulnerabilities. Combining the filtering and ranking methods detects 81 more XSS vulnerabilities.
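To make the two mechanisms in the abstract concrete, the following is an added example written for this page, not the authors' scanner code: a state filter that compares a signature built only from information a crawler already has before following a link, and a priority queue that fuzzes the forms with the most injection points first, with a plain FIFO list kept alongside for comparison. The signature scheme (host, path with ID-like segments abstracted, sorted query parameter names, and for forms the method, action template and sorted input names) and the sample shop crawl are assumptions of this example; the page does not say which characteristic information the paper's filter actually compares.

```python
"""Added example, not the paper's code: a similarity filter over crawl
states and a queue that ranks collected forms by injection-point count.
The signature scheme and the sample site are assumptions made here."""
import heapq
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Assumed shape of "ID-like" path segments: decimal numbers or long hex strings.
ID_SEGMENT = re.compile(r"/(?:\d+|[0-9a-f]{8,})(?=/|$)")


@dataclass(frozen=True)
class Form:
    page_url: str   # state the form was collected from
    action: str     # form action (path or URL)
    method: str     # "get" or "post"
    inputs: tuple   # input names = candidate injection points


def state_signature(url: str) -> tuple:
    """Characteristic info available without visiting: host, path with
    ID-like segments abstracted, and the sorted query parameter *names*
    (values are ignored, so /product/1 and /product/2 collapse)."""
    parts = urlsplit(url)
    path = ID_SEGMENT.sub("/{id}", parts.path)
    names = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
    return (parts.netloc, path, names)


def form_signature(form: Form) -> tuple:
    """Two forms are 'similar' when they send the same input names to the
    same action template with the same method, wherever they were found."""
    return (form.method.upper(), state_signature(form.action)[1:], tuple(sorted(form.inputs)))


class StateFilter:
    """Skips states and forms whose signature has already been seen."""

    def __init__(self) -> None:
        self._states: set = set()
        self._forms: set = set()

    def should_visit(self, url: str) -> bool:
        sig = state_signature(url)
        if sig in self._states:
            return False
        self._states.add(sig)
        return True

    def accept_form(self, form: Form) -> bool:
        sig = form_signature(form)
        if sig in self._forms:
            return False
        self._forms.add(sig)
        return True


class FormQueue:
    """Fuzzing order: most injection points first, FIFO among equals."""

    def __init__(self) -> None:
        self._heap: list = []
        self._seq = 0

    def push(self, form: Form) -> None:
        # Negated count gives a max-heap; _seq keeps FIFO order for ties
        # and guarantees two Form objects are never compared directly.
        heapq.heappush(self._heap, (-len(form.inputs), self._seq, form))
        self._seq += 1

    def pop(self) -> Form:
        return heapq.heappop(self._heap)[2]

    def __len__(self) -> int:
        return len(self._heap)


def plan_fuzzing(crawl):
    """Return (fifo_order, ranked_order) for a crawl given as
    [(state_url, [Form, ...]), ...] in discovery order."""
    fifo = [f for _, forms in crawl for f in forms]  # baseline: every form, FIFO
    filt, queue = StateFilter(), FormQueue()
    for url, forms in crawl:
        if not filt.should_visit(url):
            continue  # similar state: not visited, so its forms are not collected
        for form in forms:
            if filt.accept_form(form):
                queue.push(form)
    ranked = [queue.pop() for _ in range(len(queue))]
    return fifo, ranked


def crawled_page(page, *forms):
    """Build one (state_url, [Form, ...]) entry of the constructed sample."""
    return (page, [Form(page, action, method, inputs) for action, method, inputs in forms])


def review_form(n):
    return (f"/product/{n}/review", "post", ("title", "body", "rating"))


SEARCH = ("/search", "get", ("q",))
CART = ("/cart/add", "post", ("pid", "qty"))
CONTACT = ("/contact", "post", ("name", "email", "subject", "message"))

SAMPLE_CRAWL = [  # constructed crawl of a hypothetical shop; not real data
    crawled_page("http://shop.test/search?q=shoes", SEARCH),
    crawled_page("http://shop.test/product/1", SEARCH, CART, review_form(1)),
    crawled_page("http://shop.test/product/2", SEARCH, CART, review_form(2)),
    crawled_page("http://shop.test/product/3", SEARCH, CART, review_form(3)),
    crawled_page("http://shop.test/contact", SEARCH, CONTACT),
    crawled_page("http://shop.test/search?q=boots", SEARCH),
]

if __name__ == "__main__":
    fifo, ranked = plan_fuzzing(SAMPLE_CRAWL)
    print(f"{len(fifo)} forms in FIFO order vs {len(ranked)} after filtering")
    for f in ranked:
        print(len(f.inputs), f.method.upper(), f.action, "from", f.page_url)
```

Running the block lists the 13 forms a FIFO scanner would queue against the 4 that survive filtering, ranked with the 4-input contact form first and the 1-input search form last. The filter is deliberately greedy, and that is the trade-off such a scanner accepts: if one product page carried an extra form the others lack, it would be skipped along with its page, so in practice one would usually allow a small number of visits per template rather than exactly one.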
Subject:
Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science
References: 36 articles.