Archivo Abierto Institucional de la Universidad Carlos III de Madrid: A multi-agent scanner to detect stored-XSS vulnerabilities

DSpace

e-Archivo

	Home

Browse
	Scientific Research
	Academic thesis
	Journals
	Digital collections
	Institutional Documentation
	Issue Date
	Author
	Title
	Subject

Login:
	My E-Archivo authorized users

	Help and guides
	Feedback

Archivo Abierto Institucional de la Universidad Carlos III de Madrid > Investigación > Departamentos > Departamento de Informática > Grupo de Seguridad de las Tecnologías de la Información y de las Comunicaciones > DI - SETI - Artículos en Congresos Internacionales >

Please use this identifier to cite or link to this item: http://hdl.handle.net/10016/9997

Google™ Scholar. Others By: Galán, Eduardo - Alcaide, Almudena - Orfila, Agustín - Blasco, Jorge

Files in This Item:

paper en proceedings 333-338.pdf

602,72 kB

Adobe PDF

formato pdf

Title:	A multi-agent scanner to detect stored-XSS vulnerabilities
Author(s):	Galán, Eduardo Alcaide, Almudena Orfila, Agustín Blasco, Jorge
Publisher:	IEEE
Issued date:	Nov-2010
Citation:	2010 International Conference for Internet Technology and Secured Transactions (ICITST), pp 1-6
URI:	http://hdl.handle.net/10016/9997
ISBN:	978-1-4244-8862-9
Description:	Proceeding of: 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 8 to 11 November 2010 London, England, United Kingdom
Abstract:	The cross-site scripting (XSS) has become a common vulnerability of many web sites and web applications. XSS consists in the exploitation of input validation ﬂaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim. One interesting possibility to prevent this type of vulnerability is the use of vulnerability scanners. However, current scanners are capable of detecting just one of the two main modalities of XSS attacks. This paper introduces a novel multi–agent system for the automated scanning of web sites to detect the presence of XSS vulnerabilities exploitable by an stored–XSS attack. The rate of detection of the system is evaluated in two different scenarios.
Sponsor:	This work has been partially supported by CDTI (Ministerio de Industria, Turismo y Comercio of Spain) in collaboration with Telefonica I+D, Project SEGUR@ with reference CENIT-2007 2004
Publisher version:	http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=&arnumber=5678543&queryText%3DA+multi-agent+scanner+to+detect+stored-XSS+vulnerabilities%26openedRefinements%3D*%26filter%3DAND%28NOT%284283010803%29%29%26searchField%3DSearch+All
Keywords:	Multi-agent Scanner Stored-XSS XSS
Rights:	© 2010 ICITST-2010 Technical Co-Sponsored by IEEE UK/RI Communications Chapter
Appears in Collections:	DI - SETI - Capítulos de Monografías DI - SETI - Artículos en Congresos Internacionales

Items in E-Archivo are protected by copyright, with all rights reserved, unless otherwise indicated.

© Universidad Carlos III de Madrid - Software DSpace - Terms of use - Feedback