An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities

• Author(s) / Creator(s)

  • Shafi, Alassmi

• Stored Cross-Site Scripting (XSS) vulnerabilities are difficult to detect and state-of-the-art black-box scanners have low detection rates. Both Bau et al. and Doupé et al. investigated black- box web application security scanners, and this paper extends their analyses of state-of-the-art black-box detection of stored XSS. We use our own custom testbed, SimplifiedTB, which is available upon request. Weaknesses and limitations of black-box scanners identified in our study confirm weaknesses and limitations discussed by Bau et al. and Doupé et al. The paper provides a list of recommendations for improving black-box detection of stored XSS vulnerabilities.

• Date created

  2012-01-01

• Subjects / Keywords

  • Stored Cross-Site Scripting Injection
  • XSSI vulnerabilities
  • black-box scanners

• Type of Item

  Research Material

• DOI

  https://doi.org/10.7939/r3-awwb-f078

• License

  Attribution-NonCommercial 4.0 International