Publication: A multi-agent scanner to detect stored-XSS vulnerabilities
dc.affiliation.dpto | UC3M. Departamento de Informática | es |
dc.affiliation.grupoinv | UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab) | es |
dc.contributor.author | Galán, Eduardo | |
dc.contributor.author | Alcaide Raya, Almudena | |
dc.contributor.author | Orfila Díaz-Pabon, Agustín | |
dc.contributor.author | Blasco Alís, Jorge | |
dc.date.accessioned | 2011-01-18T10:06:38Z | |
dc.date.available | 2011-01-18T10:06:38Z | |
dc.date.issued | 2010-11 | |
dc.description | Proceeding of: 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 8 to 11 November 2010 London, England, United Kingdom | |
dc.description.abstract | The cross-site scripting (XSS) has become a common vulnerability of many web sites and web applications. XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim. One interesting possibility to prevent this type of vulnerability is the use of vulnerability scanners. However, current scanners are capable of detecting just one of the two main modalities of XSS attacks. This paper introduces a novel multi–agent system for the automated scanning of web sites to detect the presence of XSS vulnerabilities exploitable by an stored–XSS attack. The rate of detection of the system is evaluated in two different scenarios. | |
dc.description.sponsorship | This work has been partially supported by CDTI (Ministerio de Industria, Turismo y Comercio of Spain) in collaboration with Telefonica I+D, Project SEGUR@ with reference CENIT-2007 2004 | |
dc.description.status | Publicado | |
dc.format.mimetype | application/pdf | |
dc.identifier.bibliographicCitation | 2010 International Conference for Internet Technology and Secured Transactions (ICITST), pp 1-6 | |
dc.identifier.isbn | 978-1-4244-8862-9 | |
dc.identifier.publicationfirstpage | 1 | |
dc.identifier.publicationlastpage | 6 | |
dc.identifier.publicationtitle | 2010 International Conference for Internet Technology and Secured Transactions (ICITST) | |
dc.identifier.uri | https://hdl.handle.net/10016/9997 | |
dc.language.iso | eng | |
dc.publisher | IEEE | |
dc.relation.eventdate | 8 to 11 November 2010 | |
dc.relation.eventplace | London (England, United Kingdom) | |
dc.relation.eventtitle | 2010 International Conference for Internet Technology and Secured Transactions (ICITST) | |
dc.relation.publisherversion | http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=&arnumber=5678543&queryText%3DA+multi-agent+scanner+to+detect+stored-XSS+vulnerabilities%26openedRefinements%3D*%26filter%3DAND%28NOT%284283010803%29%29%26searchField%3DSearch+All | |
dc.rights | © 2010 ICITST-2010 Technical Co-Sponsored by IEEE UK/RI Communications Chapter | |
dc.rights.accessRights | open access | |
dc.subject.eciencia | Informática | |
dc.subject.other | Multi-agent | |
dc.subject.other | Scanner | |
dc.subject.other | Stored-XSS | |
dc.subject.other | XSS | |
dc.title | A multi-agent scanner to detect stored-XSS vulnerabilities | |
dc.type | conference paper | * |
dc.type.hasVersion | VoR | * |
dspace.entity.type | Publication |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- paper en proceedings 333-338.pdf
- Size:
- 602.72 KB
- Format:
- Adobe Portable Document Format