Access Restriction
Open

Author Wassermann, Gary ♦ Su, Zhendong
Source CiteSeerX
Content type Text
Publisher ACM
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Javascript Interpreter ♦ Unknown Vulnerability ♦ Firefox Source Code ♦ Web Applications ♦ Attack Today ♦ String Analysis ♦ Security Problem ♦ Cross-site Scripting ♦ W3c Recommendation ♦ Absent Input Validation ♦ Many Way ♦ Approach Combine ♦ Extensive Evaluation ♦ Tainted Information Flow ♦ Proper Input Validation ♦ X Vulnerability ♦ Assume Input Validation Function ♦ Real-world Web Application ♦ Many False Positive ♦ Server Privilege ♦ X Vulnerabilities ♦ Online Tutorial ♦ Cross-site Scripting Vulnerability ♦ Browser Javascript Interpreter ♦ Static Analysis ♦ Closed-source Browser ♦ Static Detection ♦ Daily Activity ♦ Untrusted Input ♦ Effective Checking Algorithm ♦ Web Client ♦ Html Mark-up ♦ Web Application ♦ Prevalent Class ♦ Trusted Server ♦ Real Vulnerability
Description Web applications support many of our daily activities, but they often have security problems, and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker exploits the trust a web client (browser) has for a trusted server and executes injected script on the browser with the server’s privileges. In 2006, XSS constituted the largest class of newly reported vulnerabilities making it the most prevalent class of attacks today. Web applications have XSS vulnerabilities because the validation they perform on untrusted input does not suffice to prevent that input from invoking a browser’s JavaScript interpreter, and this validation is particularly difficult to get right if it must admit some HTML mark-up. Most existing approaches to finding XSS vulnerabilities are taint-based and assume input validation functions to be adequate, so they either miss real vulnerabilities or report many false positives. This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation. Our approach combines work on tainted information flow with string analysis. Proper input validation is difficult largely because of the many ways to invoke the JavaScript interpreter; we face the same obstacle checking for vulnerabilities statically, and we address it by formalizing a policy based on the W3C recommendation, the Firefox source code, and online tutorials about closed-source browsers. We provide effective checking algorithms based on our policy. We implement our approach and provide an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 2008-01-01
Publisher Institution In Proceedings of the 30th international conference on Software engineering