I. INTRODUCTION
The complexity of web applications has increased tremendously, from static web sites to dynamic web applications.
Dynamic applications take user input and use it in output statements to provide a dynamic response to
the end users. Using user input in output statements without any validation permits attackers to inject malicious
scripts for account hijacking, cookie theft and web content manipulation. This type of scenario is termed a cross-site
scripting (XSS) attack.
Cross-site scripting (XSS) attacks occur in three different forms: reflected XSS (Type 1), stored XSS (Type 2),
and DOM-based XSS (Type 0). Reflected XSS, considered non-persistent, allows attackers to insert malicious scripts via
GET or POST parameters into the response page that the server returns immediately. Persistent (stored) XSS occurs when the attacker's
malicious input is stored on the server and later inserted into an output statement, where it performs unwanted actions. For
example, the attacker logs into a forum and stores a comment that contains malicious JavaScript. Further, if the page is
© 978-1-4799-8792-4/15/$31.00 2015 IEEE
i.e. Pixy [2] and RIPS [3], detect both code snippets as non-vulnerable, because these tools do not consider the effect of the HTML
context of the output statement. Therefore, it is necessary to
consider context sensitivity for precise identification of
XSS vulnerabilities.
In this paper, we present an approach that embeds context
sensitivity into the existing taint analysis technique, with the sole
purpose of identifying XSS vulnerabilities at a much more
precise detection rate. We focus on web applications
developed in PHP, as PHP has the highest usage share among
server-side programming languages [4] in web application
development. The contributions of this paper are as follows:
B. Context Identification
In this phase, we process the probable vulnerable statement
(pv-out statement) discovered in the previous phase to identify the context associated
with it. First, we determine the block context (e.g. body, script,
style, etc.) in which the pv-out statement is present. Then we
analyze the constant string in the pv-out statement for statement-level context identification. The proposed rules for context
identification, which also cover nested contexts (e.g. a script
inside a body block), are as follows.
1) Rule #1: If the user input is referenced in an output
statement whose constant string contains either a complete HTML tag or
no HTML tag at all, then the context
of the user input in the output statement is equal to its
block context.
Example:
<!-- <?php $var = $_GET['input'];
echo $var; ?> -->
# of Safe Sample Files: 4200
# of Unsafe Sample Files: 2856
TABLE II
DISPLAYS THE FALSE RESULTS % OF EACH TOOL
Results (# of Samples): False Positive | False Negative
Static analysis based detection techniques use a set of predefined rules to detect vulnerabilities in source code without executing it. In this paper, we incorporated context-sensitivity
concepts into the existing static taint analysis technique for the
sole purpose of improving the precise detection rate.
An implementation of the proposed approach as a prototype
tool, XSSDM, has been tested against a public dataset. The
experimental results attained serve to confirm the precision
and efficiency of the proposed approach.
Although the experimental results of the XSSDM tool on the
considered data set are promising, the tool still needs to be
tested on real-world web applications. In future, the proposed
work will be upgraded to support the object-oriented paradigm, as
this is an urgent need in current web application development.
REFERENCES
[1] OWASP, Usage top 10 2013, https://www.owasp.org/index.php, 2015, accessed: 2015-04-09.
[2] N. Jovanovic, C. Kruegel, and E. Kirda, Pixy: a static analysis tool for detecting web application vulnerabilities, pp. 258–263, May 2006.
[3] J. Dahse, A vulnerability scanner for different kinds of vulnerabilities, http://rips-scanner.sourceforge.net, 2015, accessed: 2015-04-09.
[4] W3Techs, Usage of server-side programming languages for websites, http://w3techs.com/technologies/overview/programming_language/all, 2015, accessed: 2015-04-09.
[5] I. Hydara, A. B. M. Sultan, H. Zulzalil, and N. Admodisastro, Current state of research on cross-site scripting: a systematic literature review, Information and Software Technology, vol. 58, no. 0, pp. 170–186, 2015.
[6] G. Wassermann and Z. Su, Static detection of cross-site scripting vulnerabilities, New York, NY, USA, pp. 171–180, 2008.
[7] L. Shar and H. Tan, Auditing the XSS defence features implemented in web application programs, Software, IET, vol. 6, no. 4, pp. 377–390, August 2012.
[8] L. K. Shar and H. B. K. Tan, Automated removal of cross site scripting vulnerabilities in web applications, Inf. Software Technology, vol. 54, no. 5, pp. 467–478, May 2012.
[9] OWASP, XSS (Cross Site Scripting) Prevention Cheat Sheet, https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet, 2015, accessed: 2015-04-09.
[10] B. S. Aurelien DELAITRE, PHP vulnerabilities test suite, https://github.com/stivalet/PHP-Vulnerability-test-suite, 2015, accessed: 2015-04-09.
VI. APPENDIX
As an illustration, some PHP source codes, the HTML context of their output statements and their vulnerability status are
shown in Table 4. It shows that a standard PHP sanitization function (e.g. htmlspecialchars) is not sufficient to mitigate XSS
vulnerabilities in all HTML contexts.
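As an added example (not the paper's XSSDM code), the Python sketch below applies Rule #1 from Section B together with the appendix's point about htmlspecialchars: it computes the block context in which each PHP output statement that echoes user input lands, then judges whether the sanitizer used is adequate for that context. The per-context safety table, the regexes and the sample PHP snippets are assumptions constructed for this demo.

```python
import re

# Assumption for this demo (per the OWASP cheat sheet, ref [9]): HTML entity encoding
# holds in text, quoted-attribute and comment context, but is the wrong encoder
# for JavaScript, CSS or an unquoted attribute value.
HTML_ENC = {"htmlspecialchars", "htmlentities"}
SAFE_IN_CONTEXT = {"body": HTML_ENC, "attribute": HTML_ENC, "comment": HTML_ENC,
                   "tag": set(), "script": set(), "style": set()}

def block_context(prefix):
    """HTML block context reached at the end of prefix (where an echo would land)."""
    state, after_tag, i = "body", "body", 0
    while i < len(prefix):
        rest, step = prefix[i:], 1
        if state == "body" and rest.startswith("<!--"):
            state, step = "comment", 4
        elif state == "body" and rest.startswith("<"):
            m = re.match(r"<(script|style)\b", rest, re.I)
            state, after_tag = "tag", m.group(1).lower() if m else "body"
        elif state == "tag" and rest[0] in '">':
            state = "attribute" if rest[0] == '"' else after_tag
        elif state == "attribute" and rest[0] == '"':
            state = "tag"
        elif state == "comment" and rest.startswith("-->"):
            state, step = "body", 3
        elif state in ("script", "style") and (m := re.match(r"</%s\s*>" % state, rest, re.I)):
            state, step = "body", m.end()
        i += step
    return state

ASSIGN = re.compile(r"(\$\w+)\s*=\s*\$_(?:GET|POST|REQUEST)\[")   # $v = $_GET[...]
ECHO = re.compile(r"echo\s+(?:(\w+)\s*\(\s*)?(\$\w+)")            # echo [func(]$v

def analyse(php_source):
    """(context, sanitizer, verdict) for each echo of user input, applying Rule #1."""
    findings = []
    for php in re.finditer(r"<\?php(.*?)\?>", php_source, re.S):
        tainted = set(ASSIGN.findall(php.group(1))) | {"$_GET", "$_POST", "$_REQUEST"}
        for sanitizer, var in ECHO.findall(php.group(1)):
            if var in tainted:
                ctx = block_context(php_source[:php.start()])  # block context only (Rule #1)
                ok = sanitizer in SAFE_IN_CONTEXT[ctx]
                findings.append((ctx, sanitizer or None, "safe" if ok else "vulnerable"))
    return findings

# Constructed samples: the paper's Rule #1 comment case, then one htmlspecialchars()
# call in contexts where entity encoding is and is not sufficient.
SAMPLES = {
    "rule1_comment": "<body><!-- <?php $var = $_GET['input']; echo $var; ?> --></body>",
    "quoted_attr": '<a title="<?php echo htmlspecialchars($_GET["t"]); ?>">x</a>',
    "unquoted_attr": "<a title=<?php echo htmlspecialchars($_GET['t']); ?>>x</a>",
    "script": "<script>var q = '<?php echo htmlspecialchars($_GET['q']); ?>';</script>",
}
```

Only the block context of Rule #1 is modelled; the statement-level and nested-context rules the paper defines are not reproduced here.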