Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Detection of DOM-based cross-site scripting by analyzing dynamically extracted scripts
- Authors
- 도경구; Saha, Suman; Jin, Shizhen
- Issue Date
- Apr-2012
- Publisher
- SERSC
- Citation
- Information Science and Technology, v.3, no.2, pp.487 - 491
- Indexed
- OTHER
- Journal Title
- Information Science and Technology
- Volume
- 3
- Number
- 2
- Start Page
- 487
- End Page
- 491
- Abstract
- Abstract. A malicious hacker may inject untrustworthy payload in a dynamically generated page intentionally. If a web server does not adequately sanitize the input data, the inadvertent execution of client-side scripts injected by malicious users creates security problems. DOM-based Cross-site Scripting (XSS) is a type of XSS that creates such types of security problems in client side. This paper presents a static taint analysis for detecting DOM-based XSS holes from dynamically generated error pages, which directly addresses the absence of built-in filter function. We provide a measurement study that sheds light on the DOM-based XSS holes present in web applications and reveals the severity of this type of XSS in the web world. To the best of our knowledge, there is no directly related work on analyzing HTML pages for detecting DOM-based XSS holes and measuring study of the holes from huge number of web applications. Key words: software security, DOM-based cross-site scripting, static analysis, web application security, scripts
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - COLLEGE OF COMPUTING > SCHOOL OF COMPUTER SCIENCE > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.