@inproceedings{1a808d433fd74c68be642b8b275e3409,
title = "A Dynamic Detection Technique for XSS Vulnerabilities",
abstract = "This paper studies the principle of vulnerability generation and mechanism of cross-site scripting attack, designs a dynamic cross-site scripting vulnerabilities detection technique based on existing theories of black box vulnerabilities detection. The dynamic detection process contains five steps: crawler, feature construct, attacks simulation, results detection and report generation. Crawling strategy in crawler module and constructing algorithm in feature construct module are key points of this detection process. Finally, according to the detection technique proposed in this paper, a detection tool is accomplished in Linux using python language to detect web applications. Experiments were launched to verify the results and compare with the test results of other existing tools, analyze the usability, advantages and disadvantages of the detection method above, confirm the feasibility of applying dynamic detection technique to cross-site scripting vulnerabilities detection.",
keywords = "black-box testing, cross-site scripting(XSS), dynamic detection, simulated attack",
author = "Hou, {Xin Yu} and Zhao, {Xiao Lin} and Wu, {Mei Jing} and Rui Ma and Chen, {Yu Peng}",
note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 4th Annual International Conference on Network and Information Systems for Computers, ICNISC 2018 ; Conference date: 20-04-2018 Through 22-04-2018",
year = "2018",
month = apr,
doi = "10.1109/ICNISC.2018.00016",
language = "English",
series = "Proceedings - 2018 4th Annual International Conference on Network and Information Systems for Computers, ICNISC 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "34--43",
editor = "Yinglei Song and Hyunsung Kim and Lan Luo and Noor Zaman",
booktitle = "Proceedings - 2018 4th Annual International Conference on Network and Information Systems for Computers, ICNISC 2018",
address = "United States",
}