Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Mantis The Black-Box Scanner: Finding XSS vulnerabilities through parse errors
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2020 (English)Independent thesis Advanced level (professional degree), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Abstract [en]

Background. Penetration testing is a good technique for finding web vulnerabilities. Vulnerability scanners are often used to aid with security testing. The increased scope is becoming more difficult for scanners to handle in a reasonable amount of time. The problem with vulnerability scanners is that they rely on fuzzing to find vulnerabilities. A problem with fuzzing is that: it generates a lot of network traffic; scans can be excruciatingly slow; limited vulnerability detection if the output string is modified due to filtering or sanitization.

Objectives. This thesis aims to investigate if an XSS vulnerability scanner can be made more scalable than the current state-of-the-art. The idea is to examine how reflected parameters can be detected, and if a different methodology can be applied to improve the detection of XSS vulnerabilities. The proposed vulnerability scanner is named Mantis.

Methods. The research methods used in this thesis are literature review and experiment. In the literature review, we collected information about the investigated problem to help us analyze the identified research gaps. The experiment evaluated the proposed vulnerability scanner with the current state-of-the-art using the dataset, OWASP benchmark.

Results. The result shows that reflected parameters can be reliably detected using approximate string matching. Using the parameter mapping, it was possible to detect reflected XSS vulnerabilities to a great extent. Mantis had an average scan time of 78 seconds, OWASP ZAP 95 seconds and Arachni 17 minutes. The dataset had a total of 246 XSS vulnerabilities. Mantis detected the most at 213 vulnerabilities, Arachni detected 183, and OWASP ZAP 137. None of the scanners had any false positives.

Conclusions. Mantis has proven to be an efficient vulnerability scanner for detecting XSS vulnerabilities. Focusing on the set of characters that may lead to the exploitation of XSS has proven to be a great alternative to fuzzing. More testing of Mantis is needed to determine the usability of the vulnerability scanner in a real-world scenario. We believe the scanner has the potential to be a great asset for penetration testers in their work.

Place, publisher, year, edition, pages
2020. , p. 79
Keywords [en]
XSS, Reflected parameter, Vulnerability scanner, Scalability
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-19566OAI: oai:DiVA.org:bth-19566DiVA, id: diva2:1435600
External cooperation
Cybercom
Subject / course
Degree Project in Master of Science in Engineering 30,0 hp
Educational program
DVACD Master of Science in Computer Security
Supervisors
Examiners
Available from: 2020-07-02 Created: 2020-06-05 Last updated: 2022-05-12Bibliographically approved

Open Access in DiVA

fulltext(1031 kB)670 downloads
File information
File name FULLTEXT02.pdfFile size 1031 kBChecksum SHA-512
a8dd30452c9732d10568b5eb63cb7a647175e839d129ecbe5e5a43054cfe205fa19af6bd8878c4252052bf24f61b2d62dee94df3a2fffe2f327ea4e39dd0c1fa
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 670 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 1025 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf