LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection

Abstract : Fuzz testing consists of automatically generating and sending malicious inputs to an application in the hope of triggering a vulnerability. To be efficient, the fuzzing must answer questions such as: Where should a malicious value be sent? Where should its effects be observed? How can the system be driven into the states where this is possible? Answering such questions is a matter of understanding the application precisely enough. Reverse-engineering is one way to gain this knowledge, especially in a black-box harness. In fact, given the complexity of modern web applications, automated black-box scanners alternately reverse-engineer and fuzz web applications to detect vulnerabilities. We present an approach, named LigRE, which improves the reverse engineering to guide the fuzzing. We adapt a method to automatically learn a control flow model of web applications, and annotate this model with inferred data flows. Afterwards, we generate slices of the model to guide the scope of a fuzzer. Empirical experiments show that LigRE increases detection capabilities for Cross-Site Scripting (XSS), a particular case of web command injection vulnerabilities.
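The four steps the abstract names (learn a control flow model, annotate it with inferred data flows, slice it, fuzz along the slice), as an added toy illustration. This is not LigRE's code and not from the paper: the application under test is a constructed in-memory stand-in (a guestbook that stores messages unescaped plus a profile page that escapes what it reflects), data flows are inferred by injecting unique tokens and looking for where they reappear, and the XSS oracle is the deliberately crude "payload reaches the sink verbatim". All names and the token scheme are assumptions of this example.

```python
from collections import deque
import html
import re

class ToyApp:
    """Constructed stand-in for the target (an assumption): a guestbook that stores
    messages unescaped, plus a profile page that HTML-escapes what it reflects."""
    def __init__(self):
        self.messages = []

    def get(self, page, params=None):
        params = params or {}
        if page == "home":
            return "<a href='post'>post</a> <a href='list'>list</a> <a href='profile'>profile</a>"
        if page == "post":
            return "<form action='submit'><input name='msg'></form>"
        if page == "submit":
            self.messages.append(params.get("msg", ""))  # stored raw: a stored-XSS sink later
            return "saved <a href='list'>list</a>"
        if page == "list":
            return "<ul>" + "".join(f"<li>{m}</li>" for m in self.messages) + "</ul>"
        if page == "profile":
            return ("<form action='profile'><input name='name'></form>"
                    f"<p>hello {html.escape(params.get('name', ''))}</p>")
        return "not found"

LINK = re.compile(r"href='(\w+)'")
FORM = re.compile(r"<form action='(\w+)'>(.*?)</form>")
INPUT = re.compile(r"name='(\w+)'")
PAYLOADS = ["<script>alert(1)</script>", "\"><img src=x onerror=alert(1)>"]

def actions_of(body):
    """Actions offered by a response: ('link', target) or ('form', target, params)."""
    acts = [("link", t) for t in LINK.findall(body)]
    for target, inner in FORM.findall(body):
        acts.append(("form", target, tuple(INPUT.findall(inner))))
    return acts

def learn_control_flow(app, start="home"):
    """Step 1: crawl breadth-first, recording transitions (page, action) -> page."""
    model, seen, queue = {}, {start}, deque([start])
    while queue:
        page = queue.popleft()
        for act in actions_of(app.get(page)):
            model[(page, act)] = act[1]
            if act[1] not in seen:
                seen.add(act[1])
                queue.append(act[1])
    return model

def infer_data_flows(app, model):
    """Step 2: annotate the model with data flows. Each form parameter receives a
    unique token; every page that echoes it, immediately or later, is a sink."""
    pages = {p for p, _ in model} | set(model.values())
    flows, n = {}, 0
    for (page, act), target in model.items():
        for param in act[2] if act[0] == "form" else ():
            n += 1
            token = f"ligreTok{n}"
            sinks = {target} if token in app.get(target, {param: token}) else set()
            sinks |= {p for p in pages if token in app.get(p)}
            flows[(page, act, param)] = sinks
    return flows

def shortest_path(model, src, dst):
    """Actions leading from src to dst in the control-flow model (BFS), or None."""
    prev, queue = {src: None}, deque([src])
    while queue and dst not in prev:
        page = queue.popleft()
        for (p, act), t in model.items():
            if p == page and t not in prev:
                prev[t] = (page, act)
                queue.append(t)
    if dst not in prev:
        return None
    path, cur = [], dst
    while prev[cur] is not None:
        cur, act = prev[cur]
        path.append(act)
    return path[::-1]

def slice_model(model, form_page, form_act, sink, start="home"):
    """Step 3: replayable slice start -> form -> sink, the only region the fuzzer visits."""
    pre = shortest_path(model, start, form_page)
    post = shortest_path(model, form_act[1], sink)
    return None if pre is None or post is None else pre + [form_act] + post

def fuzz_slice(app_factory, slice_, param):
    """Step 4: replay the slice once per payload, injecting at the form step. Oracle
    (deliberately crude): the payload reaches the sink verbatim. Returns it, or None."""
    for payload in PAYLOADS:
        app, body = app_factory(), ""
        for act in slice_:
            inject = act[0] == "form" and param in act[2]
            body = app.get(act[1], {param: payload} if inject else {})
        if payload in body:
            return payload
    return None

def run(app_factory=ToyApp):
    """Whole pipeline: (form page, param, sink page) -> first successful payload or None."""
    app = app_factory()
    model = learn_control_flow(app)
    results = {}
    for (page, act, param), sinks in infer_data_flows(app, model).items():
        for sink in sinks:
            sl = slice_model(model, page, act, sink)
            if sl is not None:
                results[(page, param, sink)] = fuzz_slice(app_factory, sl, param)
    return results
```

Running `run()` reports the stored flow `msg` (injected on `post`, observed on `list`) as exploitable and the reflected flow `name` as not, which is exactly the "where to inject, where to observe, how to get there" triple the abstract asks for: the `msg` slice never touches `profile`, and the `name` slice never visits `list`. A real scanner would replace the verbatim-match oracle with output-context parsing, since an escaped or attribute-quoted reflection can still be exploitable or, conversely, a verbatim one harmless inside a comment.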
Document type :
Conference papers
Contributor : Catherine Oriat
Submitted on : Monday, April 7, 2014 - 2:16:17 PM
Last modification on : Sunday, June 26, 2022 - 9:35:25 AM


  • HAL Id : hal-00974762, version 1



Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz. LigRE: Reverse-Engineering of Control and Data Flow Models for Black-Box XSS Detection. Working Conference on Reverse Engineering (WCRE 2013), 2013, Koblenz-Landau, Germany. pp.252-261. ⟨hal-00974762⟩