Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning

Héloíse Maurel, Santiago Vidal, Tamara Rezk

2022

Abstract

Cross-site Scripting (XSS) is one of the most common and impactful software vulnerabilities (ranked second in the CWE Top 25 in 2021). Several approaches have focused on automatically detecting software vulnerabilities through machine learning models. To build such a model, it is necessary to have a dataset of vulnerable and non-vulnerable examples and to represent the source code in a computer-understandable way. In this work, we explore the impact of predicting XSS using representations based on single-tier and multi-tier languages. We built 144 models trained on JavaScript-based multi-tier code, i.e. code that includes server code together with HTML, JavaScript and CSS as client code, and 144 models trained on single-tier code, which includes server code and client-side code as text. Despite the lower precision, our results show a better recall with multi-tier languages than with a single-tier language, implying an insignificant impact on XSS detectors based on deep learning.

Paper Citation


in Harvard Style

Maurel H., Vidal S. and Rezk T. (2022). Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 189-201. DOI: 10.5220/0010980800003120


in Bibtex Style

@conference{icissp22,
author={Héloíse Maurel and Santiago Vidal and Tamara Rezk},
title={Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={189-201},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010980800003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning
SN - 978-989-758-553-1
AU - Maurel H.
AU - Vidal S.
AU - Rezk T.
PY - 2022
SP - 189
EP - 201
DO - 10.5220/0010980800003120