Black-box vulnerability scanners can miss a non-negligible portion of vulnerabilities. This is true even for cross-site scripting (XSS) vulnerabilities, which are relatively simple to spot. In this paper, we focus on this vulnerability class, and systematically explore 6 black-box scanners to uncover how they detect XSS vulnerabilities, and obtain useful insights to understand their limitations and design better detection methods. A novelty of our workflow is the retrofitting of the testbed so as to accommodate payloads that triggered no vulnerabilities in the initial set. This has the benefit of creating a systematic process to increase the number of test cases, which was not considered by previous testbed-driven approaches.
Bazzoli, E., Criscione, C., Maggi, F., & Zanero, S. (2016). XSS PEEKER: Dissecting the XSS exploitation techniques and fuzzing mechanisms of blackbox web application scanners. In IFIP Advances in Information and Communication Technology (Vol. 471, pp. 243–258). Springer New York LLC. https://doi.org/10.1007/978-3-319-33630-5_17