4MMSR-Network Security-2012-2013-taint assisted dom xss fuzzing : Différence entre versions
De Ensiwiki
| Ligne 5 : | Ligne 5 : | ||
|references= | |references= | ||
* [http://www.webappsec.org/projects/articles/071105.shtml DOM Based Cross Site Scripting or XSS of the Third Kind, Amit Klein, 2005] | * [http://www.webappsec.org/projects/articles/071105.shtml DOM Based Cross Site Scripting or XSS of the Third Kind, Amit Klein, 2005] | ||
| − | * [https://www.owasp.org/images/7/76/AnalyzingDOMXssWithDOMinator.pdf Finding DOM XSS with Dominator Pro] | + | * [https://www.owasp.org/images/7/76/AnalyzingDOMXssWithDOMinator.pdf Finding DOM XSS with Dominator Pro, Stefano di Paola, 2011] |
| + | * [http://car-online.fr/en/spaces/fabien_duchene/publications/2012-04-SecTest-ICST/ XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing, Fabien Duchene & Sanjay Rawat & Roland Groz & Jean-Luc Richier, 2012] | ||
| + | * [http://www.spacios.eu/deliverables.php SPaCIoS, D3.3 "Methodology and technology for vulnerability-driven security testing", section "An Evolutionary Smart-Fuzzing Approach for Detecting XSS Injections Attacks", 2013] | ||
|keywords=fuzzing,DOM/type-0 XSS,data tainting | |keywords=fuzzing,DOM/type-0 XSS,data tainting | ||
| Ligne 11 : | Ligne 13 : | ||
|description=TODO | |description=TODO | ||
| − | |planning= | + | |planning= |
| + | * write a DOM-XSS attack grammar | ||
| + | * interface with Dominator Pro to obtain: | ||
| + | ** the number of tainted nodes | ||
| + | ** if a DOM XSS attack did occur or not | ||
| − | |research_questions= | + | |research_questions= |
| + | * propose a methodology for producing a DOM-XSS grammar | ||
| + | * | ||
|tools= | |tools= | ||
Version du 30 décembre 2012 à 12:22
Deuxième Année 
Informatique 
Sécurité 
4MMSR-mini research project
Sommaire
Taint Assisted DOM-XSS Fuzzing
This is a "mini" research project for the course 4MMSR-Network Security
Keywords
fuzzing,DOM/type-0 XSS,data tainting
Description
TODO
Expected output
Research Questions
- propose a methodology for producing a DOM-XSS grammar
References
- DOM Based Cross Site Scripting or XSS of the Third Kind, Amit Klein, 2005
- Finding DOM XSS with Dominator Pro, Stefano di Paola, 2011
- XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing, Fabien Duchene & Sanjay Rawat & Roland Groz & Jean-Luc Richier, 2012
- SPaCIoS, D3.3 "Methodology and technology for vulnerability-driven security testing", section "An Evolutionary Smart-Fuzzing Approach for Detecting XSS Injections Attacks", 2013
Tools
Results
{{{results}}}
Get Started!
- create an archive on the ensimag server, so that only your team members and I have access to it.
- Créer_une_archive_partagée_avec_Git
- obviously, do not forget to send me the path afterwards
