
CCS
2015
ACM

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting

Although studies have shown that at least one in ten Web pages contains a client-side XSS vulnerability, the prevalent causes for this class of Cross-Site Scripting have not been studied in depth. Therefore, in this paper, we present a large-scale study to gain insight into these causes. To this end, we analyze a set of 1,273 real-world vulnerabilities contained on the Alexa Top 10k domains using a specifically designed architecture, consisting of an infrastructure which allows us to persist and replay vulnerabilities to ensure a sound analysis. In combination with a taint-aware browsing engine, we can therefore collect important execution trace information for all flaws. Based on the observable characteristics of the vulnerable JavaScript, we derive a set of metrics to measure the complexity of each flaw. We subsequently classify all vulnerabilities in our data set accordingly to enable a more systematic analysis. In doing so, we find that although a large portion of all vulnerab...
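The abstract describes recording execution traces of client-side XSS flows with a taint-aware engine and deriving complexity metrics from them. The following is an added illustration, not code from the paper or its authors: a miniature taint-tracking model that runs in Node without a browser. It assumes `location.hash` as the source (modelled as a plain string), `innerHTML` as the sink (modelled as a function), and uses the number of string operations between source and sink as a stand-in complexity metric; the real metrics in the paper are not reproduced here. The vulnerable widget and the hardened widget differ only in whether attacker-controlled bytes can still reach the sink.

```javascript
// Added example, not code from the paper: a miniature taint-tracking model of
// a client-side XSS flow. Assumptions: location.hash is the source (a plain
// string here), innerHTML is the sink (a function here), and "complexity" is
// simply the number of string operations between source and sink.

class Tainted {
  constructor(value, trace) {
    this.value = value;   // the attacker-influenced string
    this.trace = trace;   // the source plus every operation applied since
  }
  // String operations that keep attacker-controlled bytes propagate taint and
  // record themselves in the trace.
  slice(start, end) {
    return new Tainted(this.value.slice(start, end), [...this.trace, 'slice']);
  }
  split(sep) {
    return this.value.split(sep).map(s => new Tainted(s, [...this.trace, 'split']));
  }
  // Concatenation with trusted constant markup still yields a tainted string.
  wrap(prefix, suffix) {
    return new Tainted(prefix + this.value + suffix, [...this.trace, 'concat']);
  }
}

// Source model: the URL fragment is fully attacker-controlled, e.g. by luring
// the victim to https://example.com/#<payload>.
function source(hash) {
  return new Tainted(hash, ['location.hash']);
}

// Sink model for innerHTML: any tainted value reaching it is a flaw. The
// report carries the kind of trace a taint-aware engine would collect.
function innerHTMLSink(value) {
  if (value instanceof Tainted) {
    return {
      vulnerable: true,
      trace: [...value.trace, 'innerHTML'],
      ops: value.trace.length - 1,  // string operations, excluding the source
      markup: value.value,
    };
  }
  return { vulnerable: false, trace: ['innerHTML'], ops: 0, markup: String(value) };
}

// Vulnerable pattern: the active tab name is read from the fragment and
// spliced into markup without validation or encoding.
function vulnerableTabWidget(hash) {
  const tab = source(hash).slice(1).split('&')[0];
  return innerHTMLSink(tab.wrap('<div class="', '">'));
}

// Hardened pattern: the fragment only selects among fixed developer-owned
// values, so whatever reaches the sink is one of our own constants and taint
// stops here. (Writing to a text sink such as textContent is the other option.)
const KNOWN_TABS = ['home', 'settings', 'profile'];

function hardenedTabWidget(hash) {
  const tab = source(hash).slice(1).split('&')[0];
  const chosen = KNOWN_TABS.find(name => name === tab.value) || KNOWN_TABS[0];
  return innerHTMLSink('<div class="' + chosen + '">');
}

// Constructed payload: closes the attribute and injects an event handler.
const PAYLOAD = '#settings"><img src=x onerror=alert(1)>&x=1';

console.log(vulnerableTabWidget(PAYLOAD));
console.log(hardenedTabWidget(PAYLOAD));
```

Running the block prints one report with `vulnerable: true` and a trace of `location.hash -> slice -> split -> concat -> innerHTML`, and one with `vulnerable: false` whose markup is the constant fallback. The point the paper's approach depends on is visible here: deciding whether a flow is exploitable requires following the value through every operation, not just spotting a source and a sink in the same file.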
Added 17 Apr 2016
Updated 17 Apr 2016
Type Conference paper
Year 2015
Where CCS
Authors Ben Stock, Stephan Pfistner, Bernd Kaiser, Sebastian Lekies, Martin Johns