We consider the case where a knowledge base consists of interactions among parameter values in an input parameter model for web application security testing. The input model gives rise to attack strings to be used for exploiting XSS vulnerabilities, a critical threat towards the security of web applications. Testing results are then annotated with a vulnerability triggering or non-triggering classification, and such security knowledge findings are added back to the knowledge base, making the resulting attack capabilities superior for newly requested input models. We present our approach as an iterative process that evolves an input model for security testing. Empirical evaluation on six real-world web application shows that the process effectively evolves a knowledge base for XSS vulnerability detection, achieving on average 78.8% accuracy.
CITATION STYLE
Garn, B., Radavelli, M., Gargantini, A., Leithner, M., & Simos, D. E. (2019). A fault-driven combinatorial process for model evolution in XSS vulnerability detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11606 LNAI, pp. 207–215). Springer Verlag. https://doi.org/10.1007/978-3-030-22999-3_19
Mendeley helps you to discover research relevant for your work.