Sixth IEEE International Workshop on Web Site Evolution (WSE'04)
Identifying Cross Site Scripting Vulnerabilities in Web Applications
Chicago, Illinois
September 11-September 11
ISBN: 0-7695-2224-6
G. A. Di Lucca, University of Sannio, Italy
A. R. Fasolino, Università di Napoli Federico II, Italy
M. Mastoianni, Seconda Università di Napoli, Italy
P. Tramontana, Università di Napoli Federico II, Italy
Cross Site Scripting (XSS) is a vulnerability of a Web application that is essentially caused by the failure of the application to check user input before returning it to the client's web browser. Without adequate validation, user input may include malicious code that may be sent to other clients and unexpectedly executed by their browsers, thus causing a security attack.
Techniques to prevent this type of attack require that all application input be checked and filtered, encoded, or validated before it is sent to any user. In order to discover the XSS vulnerabilities in a Web application, traditional source code analysis techniques can be exploited. In this paper, in order to assess the XSS vulnerability of a Web application, an approach that combines static and dynamic analysis of the Web application is presented. Criteria based on static analysis have been defined to detect potential vulnerabilities in the server pages of a Web application, while a process of dynamic analysis has been proposed in order to detect actual vulnerabilities. Some case studies have been carried out, giving encouraging results.
Citation:
G. A. Di Lucca, A. R. Fasolino, M. Mastoianni, P. Tramontana, "Identifying Cross Site Scripting Vulnerabilities in Web Applications," wse, pp.71-80, Sixth IEEE International Workshop on Web Site Evolution(WSE'04), 2004