Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications

Abstract

Machine-learning-based vulnerability prediction models have recently gained popularity in web security, since they offer a simple and efficient way to handle web application security issues. Existing state-of-the-art Cross-Site Scripting (XSS) vulnerability prediction approaches do not consider the context in which user input appears in an output statement, which is essential for identifying context-sensitive security vulnerabilities. In this paper, we propose a novel feature extraction algorithm that extracts basic and context features from the source code of web applications. Our approach uses these features to build various machine-learning models for predicting context-sensitive XSS security vulnerabilities. Experimental results show that prediction models built on the proposed features can discriminate vulnerable code from non-vulnerable code at a very low false rate.
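To make the abstract's central point concrete, the following is an added illustration (not the paper's algorithm or feature set) of why the output context of user input matters: the same sanitizer is adequate in one HTML context and inadequate in another. The context labels, the sanitizer-per-context table, the taint sources and the single-line PHP template format are all assumptions of this example; a simple rule stands in for the trained model.

```python
# Added illustration of context-sensitive XSS feature extraction.
# The labels and tables below are assumptions, not the paper's feature set.
import re

CONTEXT_SANITIZERS = {
    "html_body": {"htmlspecialchars", "htmlentities"},
    "html_attr": {"htmlspecialchars", "htmlentities"},  # quoted attr, ENT_QUOTES assumed
    "js_string": {"json_encode"},
    "url":       {"urlencode", "rawurlencode"},
    # "html_attr_unquoted" is deliberately absent: no encoder makes it safe
}
TAINT_SOURCES = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}   # direct sources only
URL_ATTRS = {"href", "src", "action", "formaction"}

ECHO_RE = re.compile(r'<\?(?:php)?\s*echo\s+(?:(\w+)\s*\()?\s*(\$\w+)')
SCRIPT_OPEN_RE = re.compile(r'<script\b[^>]*>(?:(?!</script>).)*$', re.S)
ATTR_RE = re.compile(r'(\w+)\s*=\s*(["\']?)[^"\'>]*$')


def output_context(prefix: str) -> str:
    """Classify where an output statement lands, using only the markup
    emitted before it (simplified: one line, well-formed tags)."""
    p = prefix.lower()
    if SCRIPT_OPEN_RE.search(p):            # an open <script> with no close yet
        return "js_string"
    lt, gt = p.rfind("<"), p.rfind(">")
    if lt > gt:                              # inside an unfinished opening tag
        m = ATTR_RE.search(p[lt:])
        if not m or not m.group(2):          # attribute-name position or no quote
            return "html_attr_unquoted"
        if m.group(1) in URL_ATTRS:
            return "url"
        return "html_attr"
    return "html_body"


def extract_features(line: str) -> dict:
    """Basic features (taint source, sanitizer) plus the context feature
    for the first echo in a PHP template line; {} if there is none."""
    m = ECHO_RE.search(line)
    if not m:
        return {}
    sanitizer, var = m.group(1), m.group(2)
    return {"tainted": var in TAINT_SOURCES,
            "sanitizer": sanitizer,
            "context": output_context(line[:m.start()])}


def predicted_vulnerable(features: dict) -> bool:
    # Rule standing in for the model: tainted output whose sanitizer
    # does not match its context is flagged as context-sensitive XSS.
    if not features or not features["tainted"]:
        return False
    return features["sanitizer"] not in CONTEXT_SANITIZERS.get(features["context"], set())
```

Feeding the same `htmlspecialchars($_GET["name"])` call once inside `<p>...</p>` and once inside a `<script>` string yields different context features and different predictions, which is exactly the distinction context-insensitive features cannot make.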

Cite this paper

@article{Gupta2015PredictingCS,
  title   = {Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications},
  author  = {Mukesh Kumar Gupta and Mahesh Chandra Govil and Girdhari Singh},
  journal = {2015 12th International Joint Conference on Computer Science and Software Engineering (JCSSE)},
  year    = {2015},
  pages   = {162-167}
}