loading
Documents

Research.Publish.Connect.

Paper

Authors: Ilan Ben-Bassat 1 and Erez Rokah 2

Affiliations: 1 School of Computer Science, Tel-Aviv University, Tel-Aviv, Israel ; 2 IBM, Herzliya, Israel

ISBN: 978-989-758-359-9

Keyword(s): Security Testing, Automated Crawling, Rich Internet Applications, DOM Similarity, Locality-Sensitive Hashing, MinHash.

Abstract: Web application security has become a major concern in recent years, as more and more content and services are available online. A useful method for identifying security vulnerabilities is black-box testing, which relies on an automated crawling of web applications. However, crawling Rich Internet Applications (RIAs) is a very challenging task. One of the key obstacles crawlers face is the state similarity problem: how to determine if two client-side states are equivalent. As current methods do not completely solve this problem, a successful scan of many real-world RIAs is still not possible. We present a novel approach to detect redundant content for security testing purposes. The algorithm applies locality-sensitive hashing using MinHash sketches in order to analyze the Document Object Model (DOM) structure of web pages, and to efficiently estimate similarity between them. Our experimental results show that this approach allows a successful scan of RIAs that cannot be crawled otherw ise. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.83.192.109

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Ben-Bassat, I. and Rokah, E. (2019). Locality-Sensitive Hashing for Efficient Web Application Security Testing.In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 193-204. DOI: 10.5220/0007255301930204

@conference{icissp19,
author={Ilan Ben{-}Bassat. and Erez Rokah.},
title={Locality-Sensitive Hashing for Efficient Web Application Security Testing},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2019},
pages={193-204},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007255301930204},
isbn={978-989-758-359-9},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Locality-Sensitive Hashing for Efficient Web Application Security Testing
SN - 978-989-758-359-9
AU - Ben-Bassat, I.
AU - Rokah, E.
PY - 2019
SP - 193
EP - 204
DO - 10.5220/0007255301930204

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.