4MMSR-Network Security-2012-2013-taint assisted dom xss fuzzing : Différence entre versions

De Ensiwiki
Aller à : navigation, rechercher
Ligne 5 : Ligne 5 :
 
|references=
 
|references=
 
* [http://www.webappsec.org/projects/articles/071105.shtml DOM Based Cross Site Scripting or XSS of the Third Kind, Amit Klein, 2005]
 
* [http://www.webappsec.org/projects/articles/071105.shtml DOM Based Cross Site Scripting or XSS of the Third Kind, Amit Klein, 2005]
* [https://www.owasp.org/images/7/76/AnalyzingDOMXssWithDOMinator.pdf Finding DOM XSS with Dominator Pro]
+
* [https://www.owasp.org/images/7/76/AnalyzingDOMXssWithDOMinator.pdf Finding DOM XSS with Dominator Pro, Stefano di Paola, 2011]
 +
* [http://car-online.fr/en/spaces/fabien_duchene/publications/2012-04-SecTest-ICST/ XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing, Fabien Duchene & Sanjay Rawat & Roland Groz & Jean-Luc Richier, 2012]
 +
* [http://www.spacios.eu/deliverables.php SPaCIoS, D3.3 "Methodology and technology for vulnerability-driven security testing", section "An Evolutionary Smart-Fuzzing Approach for Detecting XSS Injections Attacks", 2013]
  
 
|keywords=fuzzing,DOM/type-0 XSS,data tainting
 
|keywords=fuzzing,DOM/type-0 XSS,data tainting
Ligne 11 : Ligne 13 :
 
|description=TODO
 
|description=TODO
  
|planning=TODO
+
|planning=
 +
* write a DOM-XSS attack grammar
 +
* interface with Dominator Pro to obtain:
 +
** the number of tainted nodes
 +
** if a DOM XSS attack did occur or not
  
|research_questions=TODO
+
|research_questions=
 +
* propose a methodology for producing a DOM-XSS grammar
 +
*
  
 
|tools=
 
|tools=

Version du 30 décembre 2012 à 12:22

Mycomputer.png  Deuxième Année  CDROM.png  Informatique  Security logo.png  Sécurité  4MMSR-mini research logo.jpg  4MMSR-mini research project 

Taint Assisted DOM-XSS Fuzzing

This is a "mini" research project for the course 4MMSR-Network Security

Keywords

fuzzing,DOM/type-0 XSS,data tainting

Description

TODO

Expected output

Research Questions

  • propose a methodology for producing a DOM-XSS grammar

References

Tools

Results

{{{results}}}

Get Started!

  • create an archive on the ensimag server, so that only your team members and I have access to it.
  • Créer_une_archive_partagée_avec_Git
  • obviously, do not forget to send me the path afterwards

Contacts

Fabien Duchene