An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities

Shafi, Alassmi

doi:doi:10.7939/r3-awwb-f078

This is a decommissioned version of ERA which is running to enable completion of migration processes. All new collections and items and all edits to existing items should go to our new ERA instance at https://ualberta.scholaris.ca - Please contact us at erahelp@ualberta.ca for assistance!

View

Download

Communities and Collections

Concordia University of Edmonton / Master of Information Systems Security Management (MISSM) and Master of Information Systems Assurance Management (MISAM) Project Reports (Concordia University of Edmonton)

Usage

146 views
164 downloads

An analysis of the effectiveness of black-box web application scanners in detection of stored XSSI vulnerabilities

Author(s) / Creator(s)
- Shafi, Alassmi
Stored Cross-Site Scripting (XSS) vulnerabilities are difficult to detect and state-of-the-art black-box scanners have low detection rates. Both Bau et al. and Doupé et al. investigated black- box web application security scanners, and this paper extends their analyses of state-of-the-art black-box detection of stored XSS. We use our own custom testbed, SimplifiedTB, which is available upon request. Weaknesses and limitations of black-box scanners identified in our study confirm weaknesses and limitations discussed by Bau et al. and Doupé et al. The paper provides a list of recommendations for improving black-box detection of stored XSS vulnerabilities.
Date created

2012-01-01
Subjects / Keywords
Type of Item

Research Material
DOI

https://doi.org/10.7939/r3-awwb-f078
License

Attribution-NonCommercial 4.0 International

Language
- English