Static Analysis of DOM-based Cross-Site Scripting

Title
Static Analysis of DOM-based Cross-Site Scripting
Author
사하수만
Advisor(s)
Prof. Kyung-Goo Doh
Issue Date
2010-02
Publisher
Hanyang University
Degree
Master
Abstract
A malicious hacker may intentionally inject an untrusted payload into a dynamically generated page. If a web server does not adequately sanitize the input data, the inadvertent execution of client-side scripts injected by malicious users creates security problems. DOM-based Cross-site Scripting (XSS) is a type of XSS that creates such security problems on the client side. This thesis presents a static taint analysis for detecting DOM-based XSS holes in dynamically generated error pages, which directly addresses the absence of a built-in filter function. We provide an experimental study that sheds light on the DOM-based XSS holes present in web applications and reveals the severity of this type of XSS in the web world. Moreover, we survey all the techniques that have been used to detect XSS and carry out a number of analyses to evaluate the performance of those methodologies. This thesis also points out the major difficulties in detecting XSS.
URI
https://repository.hanyang.ac.kr/handle/20.500.11754/141985
http://hanyang.dcollection.net/common/orgView/200000413286
Appears in Collections:
GRADUATE SCHOOL[S] > COMPUTER SCIENCE & ENGINEERING > Theses (Master)
Files in This Item:
There are no files associated with this item.

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
