Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: An Urgent Need for Systematic Security Regression Testing

  • Erwan Abgrall, Yves Le Traon, Sylvain Gombault, Monperrus Martin
  • Published 1 March 2014
  • Computer Science
  • 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops
One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical… 

XSnare: Application-specific client-side cross-site scripting protection
XSnare is the first protection mechanism for XSS that is application-specific, and based on publicly available CVE information, and it is shown that XSnare’s specificity protects users against exploits which evade other, more generic, XSS defenses.
Handling cross site scripting attacks using cache check to reduce webpage rendering time with elimination of sanitization and filtering in light weight mobile web browser
It is believed that rendering times in mobile browsers will be significantly reduced, as part of the checking is done via the server and less checking is done within the mobile browser, which is slower than the server.
Analyzing Security Protocol Web Implementations Based on Model Extraction With Applied PI Calculus
This paper first defines SubJavaScript and SubPython languages, and then establishes mapping models from SubPython and SubJavaScript to Applied PI Calculus respectively, and develops the semi-automatic model extraction tools SubPython2PV and SubJavaScript2PV to analyze the four widely used security protocol web implementations.
Honeypot Baselining for Zero Day Attack Detection
The authors claim that this Honeypot system modeling is useful at the time of attack data analysis, as it enables the mapping of captured attacks to the vulnerabilities exposed by the Honeypot.


Static detection of cross-site scripting vulnerabilities
  • Gary Wassermann, Z. Su
  • Computer Science
    2008 ACM/IEEE 30th International Conference on Software Engineering
  • 2008
This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation, and implements the approach and provides an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.
Cross Site Scripting-Latest developments and solutions: A survey
The authors propose the future line of research based on the gaps in the existing solutions proposed by earlier research work, which would help to evade the counter measures built within the web applications.
SWAP: Mitigating XSS attacks using a reverse proxy
This paper introduces SWAP (Secure Web Application Proxy), a server-side solution for detecting and preventing cross-site scripting attacks, which comprises a reverse proxy that intercepts all HTML responses, as well as a modified Web browser which is utilized to detect script content.
Web application security assessment by fault injection and behavior monitoring
The design of Web application security assessment mechanisms is analyzed in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting.
State of the Art: Automated Black-Box Web Application Vulnerability Testing
The results show the promise and effectiveness of automated tools, as a group, and also some limitations, and in particular, "stored" forms of Cross Site Scripting and SQL Injection vulnerabilities are not currently found by many tools.
MUTEC: Mutation-based testing of Cross Site Scripting
This work addresses XSSVs related to web-applications that use PHP and JavaScript code to generate dynamic HTML contents and proposes 11 mutation operators to force the generation of adequate test data set.
Bypass testing of Web applications
This paper is developing a strategy called bypass testing to create client-side tests for Web applications that intentionally violate explicit and implicit checks on user inputs, and presents initial empirical results from applying bypass testing.
An Industrial Case Study of Bypass Testing on Web Applications
This paper presents results from an industry case study of bypass testing applied to a project from Avaya Research Labs, NPP, and presents a process for designing, implementing, automating and developing bypass tests.
Web application bypass testing
The issues and concerns that allow bypass testing, the preliminary concepts behind the technique, and some early results on applying it are presented.
The essence of command injection attacks in web applications
This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them based on context-free grammars and compiler parsing techniques.