Conference papers

Statically Identifying XSS using Deep Learning

Abstract : Cross-site Scripting (XSS) is ranked first in the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses, which places this vulnerability as the most dangerous among programming errors. In this work, we explore static approaches to detecting XSS vulnerabilities using neural networks. We compare two different code representations, based on Natural Language Processing (NLP) and Programming Language Processing (PLP), and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with a well-known static analyzer for PHP code, ProgPilot, and a known scanner for Node.js, AppScan in static mode. Our neural-network-based analyzers outperform the existing tools in all cases.
https://hal.inria.fr/hal-03273564
Contributor : Héloïse MAUREL
Submitted on : Tuesday, June 29, 2021 - 12:06:40 PM
Last modification on : Saturday, June 25, 2022 - 11:50:58 PM
Long-term archiving on : Thursday, September 30, 2021 - 6:32:41 PM

File

SECRYPT_2021_53_CR.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03273564, version 1

Citation

Heloise Maurel, Santiago Vidal, Tamara Rezk. Statically Identifying XSS using Deep Learning. SECRYPT 2021 - 18th International Conference on Security and Cryptography, Jul 2021, Virtual, France. ⟨hal-03273564⟩

Metrics

Record views : 177

Files downloads : 432