1,413 research outputs found

    Alternative Approach to Automate Detection of DOM-XSS Vulnerabilities

    This thesis proposes an alternative methodology to detect DOM-XSS by building on the existing approach used by web scanners in detecting general XSS. Web scanners' general approach is to inject a payload into the web page inputs and check the received HTML response for possible cross-site scripting vulnerabilities. The thesis proposes to add an extra scan layer, which is an actual browser that would be responsible for sending any request and rendering the received HTML response from the web server. Rendering the response causes any script in the page to be executed, hence any code that alters the page's dynamic content, causing DOM-XSS, will be reflected in the rendered response. Then the rendered response is checked for XSS vulnerabilities. The thesis methodology allows detecting both DOM-XSS and other types of XSS. To provide a proof of concept for this methodology, the thesis author created a web-based tool on that premise. The tool can open and control a browser, which allows automated loading of web pages and scanning of the rendered response for vulnerabilities. Finally, the tool provides a detailed scan report that points out possible inputs that might cause XSS in order to assist penetration testers who prefer manual scans.

    Security Testing: A Survey

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarizes the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.

    Exploring the Effectiveness of Web Crawlers in Detecting Security Vulnerabilities in Computer Software Applications

    With the rapid development of the Internet, the World Wide Web has become a carrier of a large amount of information. In order to effectively extract and use this information, web crawlers that crawl various web resources have emerged. The interconnectedness, openness, and interactivity of information in the World Wide Web bring great convenience for information sharing to society, and they also bring many security risks. To protect resource information, computer software security vulnerabilities have become the focus of attention. This article, based on the method of computer software security detection under a web crawler, simply analyzes the basic concepts of computer software security detection and analyzes the precautions in the process of security detection. Finally, combined with the computer software security vulnerability problems in the web crawler environment, the application of its security detection technology is further analyzed.

    A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

    This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near perfect classification on the synthetic dataset, and an F1 score of 88.12% on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins. Comment: A poster version of this paper appeared as https://doi.org/10.1145/3412841.344213

    AUTOMATED, SCHEDULED AND CI/CD WEB INJECTION

    This report is made within the Curricular Unit (UC) Project, in the 2nd year of the Master in Cyber-security and Forensic Informatics (MCIF) provided by the Polytechnic Institute of Leiria (IPL). The purpose of this project is to study SQL Injection vulnerabilities in web applications. According to OWASP (Open Web Application Security Project) [20][19], this is one of the more prevalent attacks on web applications. As part of this work a web application was implemented, which can, from a URL address, go through all the endpoints of the target application and test for SQL Injection vulnerabilities. The application also allows for scheduling of the tests and can be integrated with Continuous Integration / Continuous Delivery (CI/CD) environments. According to the literature on the subject, there are several algorithms that can be employed to test for existing SQL Injection vulnerabilities in a web application. In this document, we analyze them both from a theoretical and an implementation point of view, in order to better understand the subject and produce a useful tool in this space. With the development of this project, we concluded that it is possible to integrate SQL vulnerability tests with a CI/CD pipeline and automate the development process of an application, with the execution of SQL injection tests in an automated way.

    Web Vulnerability Through Cross Site Scripting (XSS) Detection with OWASP Security Shepherd

    Web applications are needed as a solution to the use of internet technology that can be accessed globally, capable of displaying information that is rich in content, cost effective, easy to use and can also be accessed by anyone, anytime and anywhere. In the second quarter of 2020, Wearesocial released information related to internet users in the world, around 4.54 billion with 59% penetration. People have become very dependent on the internet and also technology. This condition was also triggered by the Covid-19 pandemic. One thing that becomes an issue in website application security is internet attacks on website platforms, and we never expected the vulnerability. One type of attack or security threat that often arises and often occurs is Cross Site Scripting (XSS). XSS is one of the entries on the Open Web Application Security Project (OWASP) Top 10 list. There are several alternatives that we can use to prevent cyber-attacks. OWASP Security Shepherd can be used as a way to prevent XSS attacks. The OWASP Security Shepherd project allows users to learn or develop their manual penetration testing skills. In this research, there are several case examples or challenges that we can use as a simulation of the role of OWASP Security Shepherd to detect this XSS. The purpose of this paper is to conduct a brief and clear review of technology on OWASP Security Shepherd. This technology was chosen as an appropriate and inexpensive alternative for users to ward off XSS attacks.