Results 1 - 10 of 304

Security Testing of Web Applications: a Search Based Approach for Cross-Site Scripting Vulnerabilities

by Andrea Avancini, Mariano Ceccato
"... More and more web applications suffer the presence of cross-site scripting vulnerabilities that could be exploited by attackers to access sensitive information (such as credentials or credit card numbers). Hence proper tests are required to assess the security of web applications. In this paper, we ..."
, we resort to a search based approach for security testing web applications. We take advantage of static analysis to detect candidate cross-site scripting vulnerabilities. Input values that expose these vulnerabilities are searched by a genetic algorithm and, to help the genetic algorithm escape

Search-based security testing . . .

by Julian Thomé, Alessandra Gorla, Andreas Zeller - SBST'14, 2014
"... SQL injections are still the most exploited web application vulnerabilities. We present a technique to automatically detect such vulnerabilities through targeted test generation. Our approach uses search-based testing to systematically evolve inputs to maximize their potential to expose vulnerabili ..."
SQL injections are still the most exploited web application vulnerabilities. We present a technique to automatically detect such vulnerabilities through targeted test generation. Our approach uses search-based testing to systematically evolve inputs to maximize their potential to expose

Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis

by Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna - In Proceeding of the Network and Distributed System Security Symposium (NDSS’07), 2007
"... Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker). ..."
Cited by 104 (2 self)
Cross-site scripting (XSS) is an attack against web applications in which scripting code is injected into the output of an application that is then sent to a user’s web browser. In the browser, this scripting code is executed and used to transfer sensitive data to a third party (i.e., the attacker

DEFENDING AGAINST WEB VULNERABILITIES AND CROSS-SITE SCRIPTING

by T. Venkat Narayana Rao, V. Tejaswini
"... Abstract: Researchers have devised multiple solutions to cross-site scripting, but vulnerabilities persist in many Web applications due to developer’s lack of expertise in the problem identification and their unfamiliarity with the current mechanisms. As proclaimed by the experts, cross-site script ..."
Abstract: Researchers have devised multiple solutions to cross-site scripting, but vulnerabilities persist in many Web applications due to developer’s lack of expertise in the problem identification and their unfamiliarity with the current mechanisms. As proclaimed by the experts, cross-site

XSSDS: Server-side Detection of Cross-site Scripting Attacks

by Martin Johns, Joachim Posegga - In Annual Computer Security Applications Conference (ACSAC), 2008
"... Cross-site Scripting (XSS) has emerged to one of the most prevalent type of security vulnerabilities. While the reason for the vulnerability primarily lies on the server-side, the actual exploitation is within the victim’s web browser on the client-side. Therefore, an operator of a web application h ..."
Cited by 16 (0 self)
Cross-site Scripting (XSS) has emerged to one of the most prevalent type of security vulnerabilities. While the reason for the vulnerability primarily lies on the server-side, the actual exploitation is within the victim’s web browser on the client-side. Therefore, an operator of a web application

Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks

by Engin Kirda, Christopher Kruegel, Giovanni Vigna, Nenad Jovanovic, 2006
"... access to on-line services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the contex ..."
Cited by 113 (11 self)
in the context of the user's web browser. To protect the user's environment from malicious JavaScript code, a sandboxing mechanism is used that limits a program to access only resources associated with its origin site. Unfortunately, these security mechanisms fail if a user can be lured

Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense

by Yacin Nadji, Prateek Saxena, Dawn Song
"... Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in 2007. The main underlying reason for XSS vulnerabilities is that web markup and client-side languages do not provide principled mechanisms to ensure secure, ground-up isolation of user-generated data in web appl ..."
Cited by 62 (10 self)
Cross-site scripting (or XSS) has been the most dominant class of web vulnerabilities in 2007. The main underlying reason for XSS vulnerabilities is that web markup and client-side languages do not provide principled mechanisms to ensure secure, ground-up isolation of user-generated data in web

Static Detection of Security Vulnerabilities in Scripting Languages

by Yichen Xie, Alex Aiken
"... We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock, intraproced ..."
Cited by 197 (3 self)
We present a static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications. Our analysis employs a novel three-tier architecture to capture information at decreasing levels of granularity at the intrablock

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

by Mike Ter Louw, V. N. Venkatakrishnan - 30TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2009
"... As social networking sites proliferate across the World Wide Web, complex user-created HTML content is rapidly becoming the norm rather than the exception. User-created web content is a notorious vector for cross-site scripting (XSS) attacks that target websites and confidential user data. In this t ..."
Cited by 46 (2 self)
As social networking sites proliferate across the World Wide Web, complex user-created HTML content is rapidly becoming the norm rather than the exception. User-created web content is a notorious vector for cross-site scripting (XSS) attacks that target websites and confidential user data

2008 Annual Computer Security Applications Conference XSSDS: Server-side Detection of Cross-site Scripting Attacks

by Martin Johns, Björn Engelmann, Joachim Posegga
"... Cross-site Scripting (XSS) has emerged to one of the most prevalent type of security vulnerabilities. While the reason for the vulnerability primarily lies on the server-side, the actual exploitation is within the victim’s web browser on the client-side. Therefore, an operator of a web application ha ..."
Cross-site Scripting (XSS) has emerged to one of the most prevalent type of security vulnerabilities. While the reason for the vulnerability primarily lies on the server-side, the actual exploitation is within the victim’s web browser on the client-side. Therefore, an operator of a web application
Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University