Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications

机译：预测Web应用程序中的跨站点脚本（XSS）安全漏洞

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Recently, machine-learning based vulnerability prediction models are gaining popularity in web security space, as these models provide a simple and efficient way to handle web application security issues. Existing state-of-art Cross-Site Scripting (XSS) vulnerability prediction approaches do not consider the context of the user-input in output-statement, which is very important to identify context-sensitive security vulnerabilities. In this paper, we propose a novel feature extraction algorithm to extract basic and context features from the source code of web applications. Our approach uses these features to build various machine-learning models for predicting context-sensitive Cross-Site Scripting (XSS) security vulnerabilities. Experimental results show that the proposed features based prediction models can discriminate vulnerable code from non-vulnerable code at a very low false rate.

机译：最近，基于机器学习的漏洞预测模型在Web安全领域越来越流行，因为这些模型提供了一种简单有效的方法来处理Web应用程序安全问题。现有的最新跨站点脚本（XSS）漏洞预测方法没有在输出语句中考虑用户输入的上下文，这对于识别上下文相关的安全漏洞非常重要。在本文中，我们提出了一种新颖的特征提取算法，可以从Web应用程序的源代码中提取基本特征和上下文特征。我们的方法使用这些功能来构建各种机器学习模型，以预测上下文相关的跨站点脚本（XSS）安全漏洞。实验结果表明，所提出的基于特征的预测模型能够以非常低的错误率将易受攻击的代码与不可受攻击的代码区分开。

著录项

来源
《The 2015 12th international joint conference on computer science and software engineering: "shaping the future with convergence"》|2015年|162-167|共6页
会议地点 Songkhla(TH)
作者
Gupta Mukesh Kumar; Govil Mahesh Chandra; Singh Girdhari;
展开▼
作者单位

Dept. of Comput. Sci. Eng., Malviya Nat. Inst. of Technol., Jaipur, India;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
context-sensitive; cross-site scripting vulnerability; input validation; machine learning; web application security;

机译：上下文敏感;跨站点脚本漏洞;输入验证;机器学习; Web应用程序安全;

相似文献

外文文献
中文文献
专利

1. Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines [J] . Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil, Indian Journal of Science and Technology . 2015,第30期

机译：使用OWASP ESAPI安全准则从Web应用程序中删除跨站点脚本漏洞
2. Removing Cross-Site Scripting Vulnerabilities from Web Applications using the OWASP ESAPI Security Guidelines [J] . Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil, Indian Journal of Science and Technology . 2015,第30期

机译：使用OWASP ESAPI安全准则从Web应用程序中删除跨站点脚本漏洞
3. Towards Removing Cross-Site Scripting Vulnerabilities from Mobile Web Applications [J] . Isatou Hydara, Abu Bakar Md Sultan, Hazura Zulzalil, Journal of Engineering & Applied Sciences . 2018,第16期

机译：从移动Web应用程序中删除跨站点脚本漏洞
4. Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications [C] . Gupta Mukesh Kumar, Govil Mahesh Chandra, Singh Girdhari International joint conference on computer science and software engineering . 2015

机译：预测Web应用程序中的跨站点脚本（XSS）安全漏洞
5. Evaluation of Training Methods That Prepare Software Programmers to Mitigate Web Application Cross-Site Scripting (XSS) Vulnerabilities for Software Vendors of Commercial Banks [D] . Oladele, Adekunle 2019

机译：对培训方法的评估，这些培训方法使软件程序员能够缓解商业银行软件供应商的Web应用程序跨站点脚本（XSS）漏洞
6. The Vulnerability Scan a Web Tool to Increase Institutional Biosecurity Resilience [O] . Stephanie E. Meulenbelt, Mark W. J. van Passel, Arnout de Bruin, 2019

机译：漏洞扫描一种提高机构生物安全复原力的网络工具
7. A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing [O] . Simos, Dimitris,, Kleine, Kristoffer, Ghandehari, Laleh, 2016

机译：Web应用程序安全性测试中分析跨站点脚本（XSS）漏洞的组合方法

Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications

摘要

著录项

相似文献

相关主题

期刊订阅