Conference papers

Statically Identifying XSS using Deep Learning

Abstract : Cross-site Scripting (XSS) is ranked first in the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses, which places this vulnerability as the most dangerous among programming errors. In this work, we explore static approaches to detect XSS vulnerabilities using neural networks. We compare two different code representations, based on Natural Language Processing (NLP) and Programming Language Processing (PLP), and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with a well-known static analyzer for PHP code, ProgPilot, and a known scanner for Node.js, AppScan static mode. Our analyzers using neural networks outperform the existing tools in all cases.
Contributor : Héloïse MAUREL
Submitted on : Tuesday, June 29, 2021 - 12:06:40 PM
Last modification on : Saturday, June 25, 2022 - 11:50:58 PM
Long-term archiving on : Thursday, September 30, 2021 - 6:32:41 PM


Files produced by the author(s)


  • HAL Id : hal-03273564, version 1



Heloise Maurel, Santiago Vidal, Tamara Rezk. Statically Identifying XSS using Deep Learning. SECRYPT 2021 - 18th International Conference on Security and Cryptography, Jul 2021, Virtual, France. ⟨hal-03273564⟩


