Towards a Lightweight, Hybrid Approach for Detecting DOM XSS Vulnerabilities with Machine Learning
William Melicher, Clement Fung, Lujo Bauer, Limin Jia
Abstract
Client-side cross-site scripting (DOM XSS) vulnerabilities in web applications are common, hard to identify, and difficult to prevent. Taint tracking is the most promising approach for detecting DOM XSS with high precision and recall, but is too computationally expensive for many practical uses.
Topics & Concepts
Cross-site scriptingComputer scienceScripting languageTaint checkingWeb applicationComputer securityPrecision and recallArtificial intelligenceWorld Wide WebWeb application securityOperating systemSoftwareWeb serviceWeb developmentWeb Application Security VulnerabilitiesSoftware Engineering Research