Adaptive Random Testing for XSS Vulnerability

Cited by: 12
Authors
Lv, Chengcheng [1]
Zhang, Long [2, 3]
Zeng, Fanping [1]
Zhang, Jian [2, 3]
Affiliations
[1] Univ Sci & Technol China, Sch Comp Sci & Technol, Hefei, Peoples R China
[2] Chinese Acad Sci, Inst Software, State Key Lab Comp Sci, Beijing, Peoples R China
[3] Univ Chinese Acad Sci, Beijing, Peoples R China
Funding
National Key Research and Development Program of China; National Natural Science Foundation of China
Keywords
XSS Vulnerability; Adaptive Random Testing; Fuzzing
DOI
10.1109/APSEC48747.2019.00018
Chinese Library Classification number
TP31 [Computer software]
Subject classification codes
081202; 0835
Abstract
XSS is one of the common vulnerabilities in web applications. Many black-box testing tools may collect a large number of payloads and traverse them to find a payload that can be successfully injected, but they are not very efficient. Previous research has paid less attention to how to improve the efficiency of black-box testing to detect XSS vulnerability. To improve the efficiency of testing, we develop an XSS testing tool. It collects 6128 payloads and uses a headless browser to detect XSS vulnerability. The tool can discover XSS vulnerability quickly with adaptive random testing method. We conduct an experiment using 3 extensively adopted open source vulnerable benchmarks and 2 actual websites to evaluate the adaptive random testing method. The experimental results indicate that the adaptive random testing method can effectively improve the fuzzing method by more than 27.1% in reducing the number of attempts before accomplishing a successful injection.
Pages: 63 - 69
Number of pages: 7
Related papers
50 in total
  • [41] Adaptive Random Testing by Bisection and Comprehensive Distance
    Mao, Chengying
    Quan, Mengting
    Chen, Zhilei
    Chen, Tsong Yueh
    STRUCTURED OBJECT-ORIENTED FORMAL LANGUAGE AND METHOD (SOFL+MSVL 2019), 2020, 12028 : 328 - 344
  • [42] Path Coverage Information for Adaptive Random Testing
    Sinaga, Arnaldo Marulitua
    Hutajulu, Oscar Daniel
    Hutahaean, Ruth Tabita
    Hutagaol, Ida Christy
    PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY (ICIT 2017), 2017, : 248 - 252
  • [43] A XSS Vulnerability Detection Approach based on Simulating Browser Behavior
    Liu Yuan
    Zhao Wenbing
    Wang Dan
    Fu Lihua
    2015 2ND INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND SECURITY (ICISS), 2015, : 84 - 87
  • [44] An Adaptive Partition-Based Approach for Adaptive Random Testing on Real Programs
    Xia, Yisheng
    Sun, Weifeng
    Yan, Meng
    Xu, Lei
    Yang, Dan
    2023 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING, SANER, 2023, : 668 - 672
  • [45] Derivation of a household-level vulnerability index for empirically testing measures of adaptive capacity and vulnerability
    An Notenbaert
    Stanley Nganga Karanja
    Mario Herrero
    Maute Felisberto
    Siboniso Moyo
    Regional Environmental Change, 2013, 13 : 459 - 470
  • [46] Derivation of a household-level vulnerability index for empirically testing measures of adaptive capacity and vulnerability
    Notenbaert, An
    Karanja, Stanley Nganga
    Herrero, Mario
    Felisberto, Maute
    Moyo, Siboniso
    REGIONAL ENVIRONMENTAL CHANGE, 2013, 13 (02) : 459 - 470
  • [47] Design and Implementation of Dynamic and Efficient Web Crawler for XSS Vulnerability Detection
    Chai, Ao
    PROCEEDINGS OF THE 2017 5TH INTERNATIONAL CONFERENCE ON MACHINERY, MATERIALS AND COMPUTING TECHNOLOGY (ICMMCT 2017), 2017, 126 : 1169 - 1176
  • [48] ARTDL: Adaptive Random Testing for Deep Learning Systems
    Yan, Min
    Wang, Li
    Fei, Aiguo
    IEEE ACCESS, 2020, 8 : 3055 - 3064
  • [49] Analysis of adaptive random testing efficiency based on the experiment
    Yin, Y. (yyf@buaa.edu.cn), 1600, Beijing University of Aeronautics and Astronautics (BUAA) (40):
  • [50] OFART: OpenFlow-Switch Adaptive Random Testing
    Koo, Dong-Su
    Park, Young B.
    ADVANCES IN COMPUTER SCIENCE AND UBIQUITOUS COMPUTING, 2017, 421 : 631 - 636