Adaptive Random Testing for XSS Vulnerability

Cited by: 12
Authors
Lv, Chengcheng [1 ]
Zhang, Long [2 ,3 ]
Zeng, Fanping [1 ]
Zhang, Jian [2 ,3 ]
Affiliations
[1] Univ Sci & Technol China, Sch Comp Sci & Technol, Hefei, Peoples R China
[2] Chinese Acad Sci, Inst Software, State Key Lab Comp Sci, Beijing, Peoples R China
[3] Univ Chinese Acad Sci, Beijing, Peoples R China
Funding
National Key R&D Program of China; National Natural Science Foundation of China;
Keywords
XSS Vulnerability; Adaptive Random Testing; Fuzzing;
DOI
10.1109/APSEC48747.2019.00018
Chinese Library Classification (CLC)
TP31 [Computer software];
Discipline codes
081202 ; 0835 ;
Abstract
XSS is one of the most common vulnerabilities in web applications. Many black-box testing tools collect a large number of payloads and try them one after another until one can be successfully injected, which is not very efficient. Previous research has paid little attention to improving the efficiency of black-box testing for XSS vulnerabilities. To improve testing efficiency, we develop an XSS testing tool. It collects 6128 payloads and uses a headless browser to detect XSS vulnerabilities. Using the adaptive random testing method, the tool can discover XSS vulnerabilities quickly. We evaluate the adaptive random testing method on 3 widely adopted open-source vulnerable benchmarks and 2 real websites. The experimental results indicate that the adaptive random testing method reduces the number of attempts needed before a successful injection by more than 27.1% compared with the plain fuzzing method.
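The selection strategy the abstract names, shown as an added example that is not the authors' tool or code: adaptive random testing (ART) picks the next payload to be as different as possible from the payloads that have already failed, instead of walking the corpus in order. The authors' tool drives a headless browser against a live target; this script replaces that with a constructed stand-in oracle, `mock_sink`, so it runs offline. The mini payload corpus, the candidate-set size, and the distance metric (Jaccard distance over character trigrams) are assumptions made for this example; the abstract does not state which metric the tool uses.

```python
"""Adaptive random testing (ART) over an XSS payload corpus.

Added illustration, not the authors' tool. The paper's tool uses a headless
browser against a real target; here the target is the constructed stand-in
``mock_sink`` so the script runs offline. The candidate-set size and the
trigram Jaccard distance are assumptions, not taken from the paper.
"""
import random
import re

# Constructed mini corpus (the paper's tool collects 6128 payloads). Most entries
# rely on <script> or javascript: and are blocked by the stand-in filter; the
# three event-handler payloads at the end get through.
PAYLOADS = [
    '<script>alert(1)</script>',
    '<SCRIPT>alert(1)</SCRIPT>',
    '<script src=//x/x.js></script>',
    '"><script>alert(1)</script>',
    "'><script>alert(document.domain)</script>",
    '<script>alert(document.cookie)</script>',
    '<script>alert(String.fromCharCode(88,83,83))</script>',
    '<script>prompt(1)</script>',
    '<script>confirm(1)</script>',
    '<a href="javascript:alert(1)">x</a>',
    '<a href="JaVaScRiPt:alert(1)">x</a>',
    '<iframe src="javascript:alert(1)"></iframe>',
    '<object data="javascript:alert(1)"></object>',
    '<img src=x onerror=alert(1)>',
    '<svg onload=alert(1)>',
    '<body onload=alert(1)>',
]

_BLOCKED = re.compile(r'<script|javascript:', re.I)
_HANDLER = re.compile(r'\son\w+\s*=', re.I)


def mock_sink(payload):
    """Constructed oracle standing in for 'reflected and executed in the
    headless browser'. The pretend filter drops anything containing a <script
    tag or a javascript: URL; what survives counts as a successful injection
    only if it carries an inline event-handler attribute."""
    if _BLOCKED.search(payload):
        return False
    return _HANDLER.search(payload) is not None


def trigrams(s):
    return {s[i:i + 3] for i in range(len(s) - 2)}


def distance(a, b):
    """Jaccard distance between character-trigram sets: 0 = identical, 1 = disjoint."""
    ta, tb = trigrams(a), trigrams(b)
    return 1.0 - len(ta & tb) / len(ta | tb)


def run_random(payloads, oracle, rng=None):
    """Plain fuzzing: try payloads in a random order until one is injected.
    Returns the number of attempts, or None if nothing gets through."""
    rng = rng or random.Random()
    order = list(payloads)
    rng.shuffle(order)
    for attempts, p in enumerate(order, start=1):
        if oracle(p):
            return attempts
    return None


def run_art(payloads, oracle, rng=None, k=5):
    """Fixed-size-candidate-set ART: each round draws k untried candidates at
    random and tests the one farthest (by minimum distance) from everything
    tried so far, so payloads that look like the ones that already failed are
    deferred. Returns the number of attempts, or None if nothing gets through."""
    rng = rng or random.Random()
    untried = list(payloads)
    tried = []
    attempts = 0
    while untried:
        if tried:
            cands = rng.sample(untried, min(k, len(untried)))
            pick = max(cands, key=lambda c: min(distance(c, t) for t in tried))
        else:
            pick = rng.choice(untried)
        untried.remove(pick)
        tried.append(pick)
        attempts += 1
        if oracle(pick):
            return attempts
    return None


def compare(trials=300, seed=0):
    """Mean attempts-to-first-injection for ART versus plain random order."""
    rng = random.Random(seed)
    art = sum(run_art(PAYLOADS, mock_sink, rng) for _ in range(trials)) / trials
    rnd = sum(run_random(PAYLOADS, mock_sink, rng) for _ in range(trials)) / trials
    return art, rnd


if __name__ == '__main__':
    art, rnd = compare()
    print(f'ART: {art:.2f} attempts  random: {rnd:.2f} attempts  '
          f'reduction: {100 * (1 - art / rnd):.1f}%')
```

The gain comes entirely from the distance metric steering away from the cluster of already-failed `<script>`-style payloads; on a target whose filter is not structured along the same lines as the metric, ART degrades to roughly random order, which is why the choice of metric matters as much as the selection rule.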
Pages: 63-69 (7 pages)