An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities
- Author(s) / Creator(s)
Stored Cross-Site Scripting (XSS) vulnerabilities are difficult to detect, and state-of-the-art black-box scanners have low detection rates. Both Bau et al. and Doupé et al. investigated black-box web application security scanners, and this paper extends their analyses of state-of-the-art black-box detection of stored XSS. We use our own custom testbed, SimplifiedTB, which is available upon request. Weaknesses and limitations of black-box scanners identified in our study confirm weaknesses and limitations discussed by Bau et al. and Doupé et al. The paper provides a list of recommendations for improving black-box detection of stored XSS vulnerabilities.
- Date created
- 2012-01-01
- Subjects / Keywords
- Type of Item
- Research Material