A context-sensitive approach for precise detection of cross-site scripting vulnerabilities

  • Gupta M
  • Govil M
  • Singh G

Abstract

Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting (XSS) vulnerabilities in these applications allows malicious users to steal sensitive information, install malware, and perform various malicious operations. Researchers have proposed various approaches and developed tools to detect XSS vulnerabilities in the source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose an HTML context-sensitive approach, based on taint analysis and defensive programming, for precise detection of XSS vulnerabilities in the source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that the proposed approach is more efficient than existing ones. © 2014 IEEE.

Author-supplied keywords

  • Cross-Site Scripting
  • Software Development Life Cycle
  • Taint Analysis
  • Vulnerability Detection
  • XSS Attacks

Authors

  • Mukesh Kumar Gupta

  • Mahesh Chand Govil

  • Girdhari Singh
