Abstract
Machine-learning-based vulnerability prediction models have recently been gaining popularity in the web security space, as they provide a simple and efficient way to handle web application security issues. Existing state-of-the-art Cross-Site Scripting (XSS) vulnerability prediction approaches do not consider the context of the user input in the output statement, which is very important for identifying context-sensitive security vulnerabilities. In this paper, we propose a novel feature extraction algorithm to extract basic and context features from the source code of web applications. Our approach uses these features to build various machine-learning models for predicting context-sensitive Cross-Site Scripting (XSS) security vulnerabilities. Experimental results show that prediction models based on the proposed features can discriminate vulnerable code from non-vulnerable code with a very low false rate.
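To illustrate what a context feature of an output statement can look like, here is an added example; it is not the paper's algorithm or code. The `{{INPUT}}` placeholder, the context labels, the sanitizer names and the `ADEQUATE` table are assumptions made for this sketch, and the HTML scanner is deliberately simplified (no comments, no URL-valued or event-handler attributes).

```python
MARKER = "{{INPUT}}"  # constructed placeholder: where user input is echoed

# Assumed mapping: which (hypothetical) sanitizer kinds fit which context.
ADEQUATE = {
    "html_body": {"html_escape"},
    "attr_quoted": {"html_escape"},   # assumes quotes are escaped as well
    "tag_unquoted": set(),            # entity escaping alone is not enough here
    "script": {"js_escape"},
}

def output_context(template):
    """Return the HTML context in which MARKER appears in an output statement."""
    prefix = template[:template.index(MARKER)]
    state, quote, tag_start = "html_body", None, 0
    for i, ch in enumerate(prefix):
        if state == "script":
            # Only a closing script tag leaves the script context.
            if prefix[i:i + 8].lower() == "</script":
                state, tag_start = "tag", i
        elif state == "html_body":
            if ch == "<":
                state, tag_start = "tag", i
        elif quote:                   # inside a quoted attribute value
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == ">":               # tag closed: body or script content follows
            opened_script = prefix[tag_start:tag_start + 7].lower() == "<script"
            state = "script" if opened_script else "html_body"
    if state == "tag":
        return "attr_quoted" if quote else "tag_unquoted"
    return state

def extract_features(template, sanitizer):
    """Pair a basic feature (sanitizer used) with a context feature."""
    ctx = output_context(template)
    return {"context": ctx, "sanitizer": sanitizer,
            "sanitizer_fits_context": sanitizer in ADEQUATE[ctx]}

if __name__ == "__main__":
    # Constructed output statements, each sanitized the same way.
    for stmt in ['<p>Hello {{INPUT}}</p>', '<input value={{INPUT}}>',
                 '<script>var q = "{{INPUT}}";</script>']:
        print(extract_features(stmt, "html_escape"))
```

The same sanitizer yields a different `sanitizer_fits_context` value depending on where the input lands, which is the signal a context-blind feature set cannot express.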