QuoVadis Posted June 21, 2018 Report Posted June 21, 2018 (edited) Most work on DOM Cross-Site Scripting (DOM-XSS) detection methods can be divided into three kinds: black-box fuzzing, static analysis, and dynamic analysis. However, black-box fuzzing and static analysis suffer much from high false negative rates and high false positive rates respectively. Current dynamic analysis is complex and expensive, though it can obtain more efficient results. In this paper, we propose adynamic detection framework (TT-XSS) for DOM-XSS by means of taint tracking at client side. We rewrite all JavaScript features and DOM APIs to taint the rendering process of browsers. To this end, new data types and methods are presented to extend the semantic description ability of the original data structure, based on which we can analyze the taint traces through tainting all sources, sinks and transfer processes during pages parsing. In this way, attack vectors are derived to verify the vulnerabilities automatically. Compared to AWVS 10.0, our framework detects more 1.8% vulnerabilities, and it can generate the corresponding attack vectors to verify 9.1% vulnerabilities automatically. Download paper: https://we.tl/DJcUZKg8Yq Edited June 21, 2018 by QuoVadis 3 Quote
