research-article

FlashOver: automated discovery of cross-site scripting vulnerabilities in rich internet applications

Authors:

Frank PiessensAuthors Info & Claims

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Pages 12 - 13

https://doi.org/10.1145/2414456.2414462

Published: 02 May 2012 Publication History

Get Access

Abstract

The last fifteen years have transformed the Web in ways that would seem unimaginable to anyone of the "few" Internet users of the year 1995 [8]. What began as a simple set of protocols and mechanisms facilitating the exchange of static documents between remote computers is now an everyday part of billions' of users life, technical and non-technical alike. The sum of a user's daily experience is composed of open standards, such as HTML, JavaScript and Cascading Style Sheets as well as proprietary plugins, such as Adobe's Flash [1] and Microsoft's Silverlight [6].

References

[1]

Flash Player | Adobe Flash Player 11 | Overview. http://www.adobe.com/products/flashplayer.html.

Google Scholar

[2]

M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda. Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA '09, pages 88--106, Berlin, Heidelberg, 2009. Springer-Verlag.

Digital Library

Google Scholar

[3]

Pc penetration | statistics | adobe flash platform runtimes. http://www.adobe.com/products/flashplatformruntimes/statistics.html.

Google Scholar

[4]

HTML5. http://dev.w3.org/html5/spec/Overview.html.

Google Scholar

[5]

JoMo-kun. m0j0.j0j0 Guide to IIS Hacking. http://www.foofus.net/~jmk/iis.html.

Google Scholar

[6]

Microsoft Silverlight. http://www.microsoft.com/silverlight/.

Google Scholar

[7]

Rich internet application (ria) market share. http://www.statowl.com/custom_ria_market_penetration.php.

Google Scholar

[8]

C. Stoll. The internet? bah! http://www.thedailybeast.com/newsweek/1995/02/26/the-internet-bah.html, 1995.

Google Scholar

[9]

The Cross-site Scripting FAQ. http://www.cgisecurity.com/xss-faq.html.

Google Scholar

Cited By

View all

Hannousse AYahiouche SNait-Hamoud M(2024)Twenty-two years since revealing cross-site scripting attacksComputer Science Review10.1016/j.cosrev.2024.10063452:COnline publication date: 18-Jul-2024
https://dl.acm.org/doi/10.1016/j.cosrev.2024.100634
Wi SWoo SWhang JSon S(2022)HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property GraphsProceedings of the ACM Web Conference 202210.1145/3485447.3512235(755-766)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512235
Lee SWi SSon S(2022)Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement LearningProceedings of the ACM Web Conference 202210.1145/3485447.3512234(743-754)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512234
Show More Cited By

Index Terms

FlashOver: automated discovery of cross-site scripting vulnerabilities in rich internet applications

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

May 2012

119 pages

ISBN:9781450316484

DOI:10.1145/2414456

General Chairs:
Heung Youl Youm
SoonChunHyang University, Korea
,
Yoojae Won
Kisa, Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 May 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ASIA CCS '12

Sponsor:

SIGSAC

ASIA CCS '12: 7th ACM Symposium on Information, Compuer and Communications Security

May 2 - 4, 2012

Seoul, Korea

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
309
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)2

Reflects downloads up to 29 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hannousse AYahiouche SNait-Hamoud M(2024)Twenty-two years since revealing cross-site scripting attacksComputer Science Review10.1016/j.cosrev.2024.10063452:COnline publication date: 18-Jul-2024
https://dl.acm.org/doi/10.1016/j.cosrev.2024.100634
Wi SWoo SWhang JSon S(2022)HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property GraphsProceedings of the ACM Web Conference 202210.1145/3485447.3512235(755-766)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512235
Lee SWi SSon S(2022)Link: Black-Box Detection of Cross-Site Scripting Vulnerabilities Using Reinforcement LearningProceedings of the ACM Web Conference 202210.1145/3485447.3512234(743-754)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512234
Stewart H(2022)Digital Transformation Security ChallengesJournal of Computer Information Systems10.1080/08874417.2022.211595363:4(919-936)Online publication date: 7-Sep-2022
https://doi.org/10.1080/08874417.2022.2115953
Gupta SSharma MKumar D(2019)SEC‐H5: Secure and efficient integration of settings of enhanced HTML5 XSS vector defensive framework on edge network of fog nodesConcurrency and Computation: Practice and Experience10.1002/cpe.518831:17Online publication date: 17-Feb-2019
https://doi.org/10.1002/cpe.5188
(2018)Plague of cross-site scripting on web applicationsInternational Journal of Web Based Communities10.5555/3212445.321245014:1(64-93)Online publication date: 21-Dec-2018
https://dl.acm.org/doi/10.5555/3212445.3212450
Arshad SMirheidari SLauinger TCrispo BKirda ERobertson WChampin PGandon FMédini LLalmas MIpeirotis P(2018)Large-Scale Analysis of Style Injection by Relative Path OverwriteProceedings of the 2018 World Wide Web Conference10.1145/3178876.3186090(237-246)Online publication date: 10-Apr-2018
https://dl.acm.org/doi/10.1145/3178876.3186090
Gupta SGupta B(2018)Evaluation and monitoring of XSS defensive solutions: a survey, open research issues and future directionsJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-018-1118-3Online publication date: 8-Nov-2018
https://doi.org/10.1007/s12652-018-1118-3
Alsmadi IBurdwell RAleroud AWahbeh AAl-Qudah MAl-Omari AAlsmadi IBurdwell RAleroud AWahbeh AAl-Qudah MAl-Omari A(2018)The Ontology of MalwaresPractical Information Security10.1007/978-3-319-72119-4_2(17-52)Online publication date: 31-Jan-2018
https://doi.org/10.1007/978-3-319-72119-4_2
Gupta SGupta BChaudhary P(2018)A client‐server JavaScript code rewriting‐based framework to detect the XSS worms from online social networkConcurrency and Computation: Practice and Experience10.1002/cpe.464631:21Online publication date: 31-May-2018
https://doi.org/10.1002/cpe.4646
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Building Websites with DotNetNuke 5

Beginning Node.js

Drupal 6 JavaScript and jQuery