An Approach for the Automated Detection of XSS Vulnerabilities in Web Templates

Web sites are exposed to various threats such as injections or denial of service attacks. Hence, the protection of the web site and the underlying system components is of major importance in order to deploy a reliable and secure web application. The task of securing a web application is quite complex. It requires the hardening of the system components and installation of security patches on a regular basis. Furthermore, the web application should be checked against vulnerabilities by using penetration testing methods. From a developer’s point of view, security aspects should be considered in the early stage of web application’s development life cycle already. Of special interest is the web template which is used to generate the user interface of the web page. This component connects the web application to the outside world. Hence, it is the main entrance point to inject malicious things into the web application. In this paper, we present an approach to check web templates against cross site scripting (XSS) attacks in an automatic manner. The basic idea is inspired by the LLVM compiler which uses an internal representation to optimize the machine code independently from the used programming language. Instead of searching for vulnerabilities selectively in the template code itself, the web template is converted into an internal representation. This representation decouples the structure of the web template from the syntax of the template engine. The internal representation is analysed with respect to exploitable parts. The results of the analysis are potentially vulnerable code snippets. These snippets are coded back into the template format and are used within unit tests to check whether they can be exploited with actual attack vectors. The advantage of our approach is its universality; it works with any kind of web template engine.