Locality-Sensitive Hashing for Efficient Web Application Security Testing

Ilan Ben-Bassat; Erez Rokah

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Locality-Sensitive Hashing for Efficient Web Application Security Testing

Topics: Data Mining and Knowledge Discovery; Security

In Proceedings of the 5th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 193-204, 2019 , Prague, Czech Republic

Authors: Ilan Ben-Bassat ¹ and Erez Rokah ²

Affiliations: ¹ School of Computer Science, Tel-Aviv University, Tel-Aviv and Israel ; ² IBM, Herzliya and Israel

Keyword(s): Security Testing, Automated Crawling, Rich Internet Applications, DOM Similarity, Locality-Sensitive Hashing, MinHash.

Related Ontology Subjects/Areas/Topics: Computer-Supported Education ; Enterprise Information Systems ; Information Systems Analysis and Specification ; Information Technologies Supporting Learning ; Security ; Security and Privacy

Abstract: Web application security has become a major concern in recent years, as more and more content and services are available online. A useful method for identifying security vulnerabilities is black-box testing, which relies on an automated crawling of web applications. However, crawling Rich Internet Applications (RIAs) is a very challenging task. One of the key obstacles crawlers face is the state similarity problem: how to determine if two client-side states are equivalent. As current methods do not completely solve this problem, a successful scan of many real-world RIAs is still not possible. We present a novel approach to detect redundant content for security testing purposes. The algorithm applies locality-sensitive hashing using MinHash sketches in order to analyze the Document Object Model (DOM) structure of web pages, and to efficiently estimate similarity between them. Our experimental results show that this approach allows a successful scan of RIAs that cannot be crawled other wise. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.22.181.211

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Ben-Bassat, I. and Rokah, E. (2019). Locality-Sensitive Hashing for Efficient Web Application Security Testing. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-359-9; ISSN 2184-4356, SciTePress, pages 193-204. DOI: 10.5220/0007255301930204

@conference{icissp19,
author={Ilan Ben{-}Bassat. and Erez Rokah.},
title={Locality-Sensitive Hashing for Efficient Web Application Security Testing},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP},
year={2019},
pages={193-204},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007255301930204},
isbn={978-989-758-359-9},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - ICISSP
TI - Locality-Sensitive Hashing for Efficient Web Application Security Testing
SN - 978-989-758-359-9
IS - 2184-4356
AU - Ben-Bassat, I.
AU - Rokah, E.
PY - 2019
SP - 193
EP - 204
DO - 10.5220/0007255301930204
PB - SciTePress