Auditing the XSS defence features implemented in web application programs

Publication Type

Journal Article

Publication Date

8-2012

Abstract

Cross site scripting (XSS) vulnerability is mainly caused by the failure of web applications in sanitising user inputs embedded in web pages. Even though state-of-the-art defensive coding methods and vulnerability detection methods are often used by developers and security auditors, XSS flaws still remain in many applications because of (i) the difficulty of adopting these methods, (ii) the inadequate implementation of these methods, and/or (iii) the lack of understanding of XSS problem. To address this issue, this study proposes a code-auditing approach that recovers the defence model implemented in program source code and suggests guidelines for checking the adequacy of recovered model against XSS attacks. On the basis of the possible implementation patterns of defensive coding methods, our approach extracts all such defences implemented for securing each potentially vulnerable HTML output. It then introduces a variant of control flow graph, called tainted-information flow graph, as a model to audit the adequacy of XSS defence artefacts. The authors evaluated the proposed method based on the experiments on seven Java-based web applications. In the auditing experiments, our approach was effective in recovering all the XSS defence features implemented in the test subjects. The extracted artefacts were also shown to be useful for filtering the false-positive cases reported by a vulnerability detection method and helpful in fixing the vulnerable code sections.

Discipline

Programming Languages and Compilers | Software Engineering

Research Areas

Cybersecurity

Publication

IET Software

Volume

6

Issue

4

First Page

377

Last Page

390

ISSN

1751-8806

Identifier

10.1049/iet-sen.2011.0084

Publisher

Institution of Engineering and Technology

Additional URL

https://doi.org/10.1049/iet-sen.2011.0084

This document is currently not available here.

Share

COinS