An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities

Shafi, Alassmi

doi:doi:10.7939/r3-awwb-f078

This decommissioned ERA site remains active temporarily to support our final migration steps to https://ualberta.scholaris.ca, ERA's new home. All new collections and items, including Spring 2025 theses, are at that site. For assistance, please contact erahelp@ualberta.ca.

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

153 views
174 downloads

An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities

Author(s) / Creator(s)
- Shafi, Alassmi
Stored Cross-Site Scripting (XSS) vulnerabilities are difficult to detect and state-of-the-art black-box scanners have low detection rates. Both Bau et al. and Doupé et al. investigated black- box web application security scanners, and this paper extends their analyses of state-of-the-art black-box detection of stored XSS. We use our own custom testbed, SimplifiedTB, which is available upon request. Weaknesses and limitations of black-box scanners identified in our study confirm weaknesses and limitations discussed by Bau et al. and Doupé et al. The paper provides a list of recommendations for improving black-box detection of stored XSS vulnerabilities.
Date created

2012-01-01
Subjects / Keywords
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-awwb-f078
License

Attribution-NonCommercial 4.0 International

Language
- English