A Source Code Cross-site Scripting Vulnerability Detection Method

• Mu Chen,
• Lu Chen,
• Zhipeng Shao,
• Zaojian Dai,
• Nige Li,
• Xingjie Huang,
• Qian Dang,
• Xinjian Zhao,

Vol. 17, No. 6, June 30, 2023
10.3837/tiis.2023.06.009, Download Paper (Free):

• Vulnerability Detection
• XSS(cross-site scripting) vulnerability
• Static Analysis
• Dynamic Testing
• Webpage attack simulation

Abstract

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: “white-box testing” and “black-box testing”. Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.

Statistics

Cite this article