Please use this identifier to cite or link to this item:
http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16300
Title: | Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications |
Authors: | Gupta, Shashank |
Keywords: | Computer Science Cross-Site Scripting (XSS) attacks JavaScript Injection Vulnerabilities XSS Cheat Sheet |
Issue Date: | 2016 |
Publisher: | Elsevier |
Abstract: | This paper discussed some of the performance issues in the existing defensive solutions of Java Script injection attacks (e.g. Cross-Site Scripting (XSS) attacks). Moreover, a high level of comparison for such existing solutions has been done based on some useful metrics. Based on the identified performance issues, this paper proposed an automated detection system, which scans the numerous possible locations of web sites for JavaScript injection vulnerabilities. Our detection system, firstly, scans the web site for discovering the injection locations. Secondly, it injects the malicious XSS attack vectors in such injection points. Lastly, it takes an input as the list of different XSS attacks exploited in the second step and scan for these attacks in the vulnerable web application. Detection capability of our automated system is evaluated on a real world PHP web application i.e. BlogIt and results obtained are very promising. |
URI: | https://www.sciencedirect.com/science/article/pii/S1877050916000168 http://dspace.bits-pilani.ac.in:8080/jspui/handle/123456789/16300 |
Appears in Collections: | Department of Computer Science and Information Systems |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.