Master's thesis
Ivan Kozulić (Author), Niko Lukač (Mentor)

Abstract

Cross-site scripting (XSS) attacks still pose a major security risk for web applications. In this master's thesis we present a method for finding vulnerabilities in JavaScript code, using machine learning algorithms. In the theoretical part we first describe the basic concepts of XSS attacks and the vulnerabilities associated with them. We also present related approaches to finding XSS vulnerabilities. In the practical part of the thesis we focus on how features are computed from JavaScript code and on preparing the training and test sets. Based on the features, we trained a machine learning model to separate vulnerable from non-vulnerable applications. From the results we conclude that the method is effective and offers additional support in discovering XSS vulnerabilities.

Keywords

web application security;machine learning;master's theses;

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM FERI - Faculty of Electrical Engineering and Computer Science
Publisher: [I. Kozulić]
UDC: 004.774.056+004.85(043.2)
COBISS: 37733123

Other data

Secondary language: English
Secondary title: XSS vulnerabilities search in web applications by using machine learning approaches
Secondary abstract: Cross-site scripting (XSS) attacks are still a major threat to the security of web applications. In the master's thesis, we present a method for searching vulnerabilities in JavaScript code using machine learning algorithms. In the theoretical part, we first describe the basic concepts of XSS attacks and related vulnerabilities. We also present related approaches for finding XSS vulnerabilities. In the practical part of the thesis, we focus on the method for calculating the characteristics from the JavaScript code and the preparation of the train and test data set. Based on the characteristics, we trained the machine learning model to separate vulnerable from non-vulnerable applications. From the results, we conclude that the method is effective and offers additional support in detecting vulnerabilities.
Secondary keywords: web application security;XSS;JavaScript;machine learning;
Type (COBISS): Master's thesis/paper
Thesis comment: University of Maribor, Faculty of Electrical Engineering and Computer Science, Computer Science and Information Technologies
Pages: IX, 60 f.
ID: 11899274