Automatic Detection of Second-Order XSS Vulnerabilities
  • Author
    Christian Korscheck
  • Abstract

    Cross-Site Scripting (XSS) is a widespread security issue in many modern Web applications. One way to detect these vulnerabilities is to use fully automated tools such as Web Vulnerability Scanners. But recent research shows that the detection rate of certain types of XSS vulnerabilities is rather disappointing. In particular, scanners face problems in detecting stored XSS properly. This diploma thesis investigates the reasons why Web Vulnerability Scanners fail to detect these types of XSS and comes to the conclusion that the typical classification in reflected and stored is insufficient. Whether an attack vector is reflected in an immediate response (first-order) or in a later response (second-order) plays an important role but also the way how data is processed and stored in the database has significant impact on the detection rate. To back up the claims made in this thesis about the shortcomings of scanners, five modern Web Vulnerability Scanners are evaluated with a custom evaluation application that covers XSS vulnerabilities in depth. This thesis also evaluates how a novel workflow-based scanner architecture performs in comparison to traditional architectures and how the workflow-based approach can be leveraged even further.

    • Introduction
    • Second-Order Cross-Site Scripting
    • Discovering Web Vulnerabilities
    • Resolving Web Vulnerabilities
    • Workflow-based XSS Detection
    • The General Architecture
    • Modeling User Behavior with Use Cases
    • iStar's Architecture Examined
    • Improving Use Cases
    • Implementation
    • Evaluation
    • Discussion
    • Conclusions
  • Notice
    This site only organizes and indexes materials; please cite the source when reposting or quoting.
Attachment download
  • Automatic.Detection.of.Second.Order.Cross.Site.Scripting.Vulnerabilities.pdf
    Time: Size: 3.0 M Downloads: 42