Detection of DOM-based cross-site scripting by analyzing dynamically extracted scripts
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 도경구 | - |
dc.contributor.author | Saha, Suman | - |
dc.contributor.author | Jin, Shizhen | - |
dc.date.accessioned | 2021-06-23T07:42:19Z | - |
dc.date.available | 2021-06-23T07:42:19Z | - |
dc.date.created | 2021-02-18 | - |
dc.date.issued | 2012-04 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/33078 | - |
dc.description.abstract | Abstract. A malicious hacker may intentionally inject an untrustworthy payload into a dynamically generated page. If a web server does not adequately sanitize the input data, the inadvertent execution of client-side scripts injected by malicious users creates security problems. DOM-based Cross-site Scripting (XSS) is a type of XSS that creates such security problems on the client side. This paper presents a static taint analysis for detecting DOM-based XSS holes in dynamically generated error pages, which directly addresses the absence of a built-in filter function. We provide a measurement study that sheds light on the DOM-based XSS holes present in web applications and reveals the severity of this type of XSS in the web world. To the best of our knowledge, there is no directly related work on analyzing HTML pages to detect DOM-based XSS holes or on measuring such holes across a huge number of web applications. Key words: software security, DOM-based cross-site scripting, static analysis, web application security, scripts | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | SERSC | - |
dc.title | Detection of DOM-based cross-site scripting by analyzing dynamically extracted scripts | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | 도경구 | - |
dc.identifier.bibliographicCitation | Information Science and Technology, v.3, no.2, pp.487 - 491 | - |
dc.relation.isPartOf | Information Science and Technology | - |
dc.citation.title | Information Science and Technology | - |
dc.citation.volume | 3 | - |
dc.citation.number | 2 | - |
dc.citation.startPage | 487 | - |
dc.citation.endPage | 491 | - |
dc.type.rims | ART | - |
dc.description.journalClass | 1 | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | other | - |