![]() ![]() The XSS cheatsheet series project proposes rules to help developers correctly sanitize or avoid untrusted input in different contexts. Validating all input information during development is the most effective way to eliminate XSS vulnerabilities. Experimental results show that our method finds all XSS vulnerabilities and has no false positives.Īn XSS vulnerability is an injection flaw in a web application caused by untrusted input flowing to a sensitive web application location. To demonstrate the effectiveness of the proposed method, we compare it against four state-of-the-art web scanners. We define the state, action, and reward functions of three reinforcement learning models for XSS vulnerability detection scenarios so that the fuzz loop can be performed automatically. Then, an XSS vulnerability payload generation method is proposed, which is used together with the reinforcement learning model. We first use static analysis to identify potential input points from components (i.e., Java code, configuration files, and HTML files) of the Java web application. ![]() To this end, we propose a grey-box fuzzing method based on reinforcement learning, which can detect reflected and stored XSS vulnerabilities for Java web applications. Unfortunately, black-box scanners rely on crawlers to find input points of web applications and cannot guarantee all input points are tested. Black-box scanners are mainstream tools for security engineers to perform penetration testing and detect XSS vulnerabilities. ![]() The number of XSS vulnerabilities reported has increased annually for the past three years, posing a considerable challenge to web application maintainers. ![]() Cross-site scripting (XSS) vulnerabilities are significant threats to web applications. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |