Taint Analysis Scheme using Concolic Execution to Find XSS Flaws in Legacy Java Web Applications

Abstract

Cross-site scripting (XSS) is one of the major threats to web services. Many legacy web applications, which are prevalent in industry, are vulnerable to XSS. This paper proposes a dynamic taint analysis scheme that uses concolic execution to prevent XSS. The proposed scheme produces no false alarms while minimizing the dynamic taint analysis time required to cover all execution paths. In this manner, we can find the exact input data set that causes the XSS threat. We define an instrumentation scheme for taint analysis and concolic execution. The instrumentation phase for the Java servlet code is automated. Experimental results on the SecuriBench Micro test set demonstrate the validity of the proposed scheme: it detects 90.63% of XSS threats with 0% false positives.

Title
Taint Analysis Scheme using Concolic Execution to Find XSS Flaws in Legacy Java Web Applications
Author
PARK JOONSEOK
Conference
International Conferences on Next Generation Computing 2022
Location
Jeju
Conference dates
2022-10-06 ~ 2022-10-08