A multi-agent scanner to detect stored-XSS vulnerabilities

e-Archivo Repository

Show simple item record

dc.contributor.author Galán, Eduardo
dc.contributor.author Alcaide, Almudena
dc.contributor.author Orfila, Agustín
dc.contributor.author Blasco, Jorge
dc.date.accessioned 2011-01-18T10:06:38Z
dc.date.available 2011-01-18T10:06:38Z
dc.date.issued 2010-11
dc.identifier.bibliographicCitation 2010 International Conference for Internet Technology and Secured Transactions (ICITST), pp 1-6
dc.identifier.isbn 978-1-4244-8862-9
dc.identifier.uri http://hdl.handle.net/10016/9997
dc.description Proceeding of: 2010 International Conference for Internet Technology and Secured Transactions (ICITST), 8 to 11 November 2010 London, England, United Kingdom
dc.description.abstract The cross-site scripting (XSS) has become a common vulnerability of many web sites and web applications. XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim. One interesting possibility to prevent this type of vulnerability is the use of vulnerability scanners. However, current scanners are capable of detecting just one of the two main modalities of XSS attacks. This paper introduces a novel multi–agent system for the automated scanning of web sites to detect the presence of XSS vulnerabilities exploitable by an stored–XSS attack. The rate of detection of the system is evaluated in two different scenarios.
dc.description.sponsorship This work has been partially supported by CDTI (Ministerio de Industria, Turismo y Comercio of Spain) in collaboration with Telefonica I+D, Project SEGUR@ with reference CENIT-2007 2004
dc.format.mimetype application/pdf
dc.language.iso eng
dc.publisher IEEE
dc.rights © 2010 ICITST-2010 Technical Co-Sponsored by IEEE UK/RI Communications Chapter
dc.subject.other Multi-agent
dc.subject.other Scanner
dc.subject.other Stored-XSS
dc.subject.other XSS
dc.title A multi-agent scanner to detect stored-XSS vulnerabilities
dc.type bookPart
dc.type conferenceObject
dc.description.status Publicado
dc.relation.publisherversion http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=&arnumber=5678543&queryText%3DA+multi-agent+scanner+to+detect+stored-XSS+vulnerabilities%26openedRefinements%3D*%26filter%3DAND%28NOT%284283010803%29%29%26searchField%3DSearch+All
dc.subject.eciencia Informática
dc.rights.accessRights openAccess
dc.type.version publishedVersion
dc.relation.eventdate 8 to 11 November 2010
dc.relation.eventplace London (England, United Kingdom)
dc.relation.eventtitle 2010 International Conference for Internet Technology and Secured Transactions (ICITST)
dc.relation.eventtype proceeding
dc.identifier.publicationfirstpage 1
dc.identifier.publicationlastpage 6
dc.identifier.publicationtitle 2010 International Conference for Internet Technology and Secured Transactions (ICITST)
 Find Full text

Files in this item

*Click on file's image for preview. (Embargoed files's preview is not supported)


This item appears in the following Collection(s)

Show simple item record