Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: An Urgent Need for Systematic Security Regression Testing

@article{Abgrall2014EmpiricalIO,
  title={Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: An Urgent Need for Systematic Security Regression Testing},
  author={E. Abgrall and Y. Le Traon and S. Gombault and M. Monperrus},
  journal={2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops},
  year={2014},
  pages={34-41}
}
One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of an XSS attack is the client running a particular web browser. Over the last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is carried out with systematic security regression testing. Beginning with an analysis of their current degree of exposure to XSS, we extend the empirical…