{"title":"Generating Test Paths to Detect XSS Vulnerabilities of Web Applications","authors":"H. Nguyen, Thanh-Nhan Luong, Ninh-Thuan Truong","doi":"10.1109/NICS56915.2022.10013397","DOIUrl":null,"url":null,"abstract":"Web technologies have developed rapidly because web applications are currently leading the trends in software development. In the face of emerging security issues, preventing software security vulnerabilities is a great concern for developers, vendors, and customers. In fact, the cross-site scripting (XSS) attack is a very popular type of attack that causes security vulnerabilities in web systems. However, when testing to detect XSS attacks for web applications, optimizing the test paths still has some problems with the time or space of the test paths. Therefore, in this paper, we propose a method to solve this problem. Our approach uses Q-learning in generating automated test paths to test XSS vulnerabilities for web applications. The proposed method consists of generating the graph of the web application, setting the weight for the graph, building the memory matrix, and generating test paths. We have experimented proposed approach with the online learning website system. 
The experimental results show a significant reduction in the number of test paths and this helps to reduce the test case space and test time to detect XSS vulnerabilities of web applications.","PeriodicalId":381028,"journal":{"name":"2022 9th NAFOSTED Conference on Information and Computer Science (NICS)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 9th NAFOSTED Conference on Information and Computer Science (NICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NICS56915.2022.10013397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Web technologies have developed rapidly because web applications are currently leading the trends in software development. In the face of emerging security issues, preventing software security vulnerabilities is a great concern for developers, vendors, and customers. In fact, the cross-site scripting (XSS) attack is a very popular type of attack that causes security vulnerabilities in web systems. However, when testing web applications to detect XSS attacks, optimizing the test paths still poses problems with the time or space the test paths require. Therefore, in this paper, we propose a method to solve this problem. Our approach uses Q-learning to automatically generate test paths for testing XSS vulnerabilities in web applications. The proposed method consists of generating the graph of the web application, setting the weights for the graph, building the memory matrix, and generating test paths. We have experimented with the proposed approach on an online learning website system. The experimental results show a significant reduction in the number of test paths, which helps to reduce the test case space and the test time needed to detect XSS vulnerabilities in web applications.