Statically Identifying XSS using Deep Learning
Heloise Maurel, Santiago Vidal, Tamara Rezk
2021
Abstract
Cross-site Scripting (XSS) is ranked first in the Top 25 Most Dangerous Software Weaknesses (2020) of the Common Weakness Enumeration (CWE), which places this vulnerability as the most dangerous among programming errors. In this work, we explore static approaches to detect XSS vulnerabilities using neural networks. We compare two different code representations based on Natural Language Processing (NLP) and Programming Language Processing (PLP) and experiment with models based on different neural network architectures for static analysis detection in PHP and Node.js. We train and evaluate the models using synthetic databases. Using the generated PHP and Node.js databases, we compare our results with a well-known static analyzer for PHP code, ProgPilot, and a known scanner for Node.js, AppScan static mode. Our analyzers using neural networks outperform the existing tools in all cases.
Paper Citation
in Harvard Style
Maurel H., Vidal S. and Rezk T. (2021). Statically Identifying XSS using Deep Learning. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 99-110. DOI: 10.5220/0010537000990110
in Bibtex Style
@conference{secrypt21,
author={Heloise Maurel and Santiago Vidal and Tamara Rezk},
title={Statically Identifying XSS using Deep Learning},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={99-110},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010537000990110},
isbn={978-989-758-524-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Statically Identifying XSS using Deep Learning
SN - 978-989-758-524-1
AU - Maurel H.
AU - Vidal S.
AU - Rezk T.
PY - 2021
SP - 99
EP - 110
DO - 10.5220/0010537000990110