Paper

Authors: Héloíse Maurel (1); Santiago Vidal (2) and Tamara Rezk (1)

Affiliations: (1) INRIA, INDES Project, Sophia Antipolis, France; (2) ISISTAN-CONICET, Tandil, Argentina

Keyword(s): Web Security, Deep Learning, Web Attacks, Cross-site Scripting.

Abstract: Cross-site Scripting (XSS) is one of the most common and impactful software vulnerabilities (ranked second in the CWE's top 25 in 2021). Several approaches have focused on automatically detecting software vulnerabilities through machine learning models. To build a model, it is necessary to have a dataset of vulnerable and non-vulnerable examples and to represent the source code in a computer-understandable way. In this work, we explore the impact of predicting XSS using representations based on single-tier and multi-tier languages. We built 144 models trained on JavaScript-based multitier code - i.e. which includes server code and HTML, JavaScript and CSS as client code - and 144 models trained on single-tier code, which include server code and client-side code as text. Despite the lower precision, our results show a better recall with multitier languages than a single-tier language, implying an insignificant impact on XSS detectors based on deep learning.

CC BY-NC-ND 4.0

Paper citation in several formats:
Maurel, H.; Vidal, S. and Rezk, T. (2022). Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 189-201. DOI: 10.5220/0010980800003120

@conference{icissp22,
author={Héloíse Maurel and Santiago Vidal and Tamara Rezk},
title={Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
year={2022},
pages={189-201},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010980800003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}
