Locality-Sensitive hashing for efficientweb application security testing

Ilan Ben-Bassat, Erez Rokah

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    Abstract

    Web application security has become a major concern in recent years, as more and more content and services are available online. A useful method for identifying security vulnerabilities is black-box testing, which relies on an automated crawling of web applications. However, crawling Rich Internet Applications (RIAs) is a very challenging task. One of the key obstacles crawlers face is the state similarity problem: How to determine if two client-side states are equivalent. As current methods do not completely solve this problem, a successful scan of many real-world RIAs is still not possible. We present a novel approach to detect redundant content for security testing purposes. The algorithm applies locality-sensitive hashing using MinHash sketches in order to analyze the Document Object Model (DOM) structure of web pages, and to efficiently estimate similarity between them. Our experimental results show that this approach allows a successful scan of RIAs that cannot be crawled otherwise.

    Original languageEnglish
    Title of host publicationICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy
    EditorsPaolo Mori, Steven Furnell, Olivier Camp
    PublisherSciTePress
    Pages193-204
    Number of pages12
    ISBN (Electronic)9789897583599
    DOIs
    StatePublished - 2019
    Event5th International Conference on Information Systems Security and Privacy, ICISSP 2019 - Prague, Czech Republic
    Duration: 23 Feb 201925 Feb 2019

    Publication series

    NameICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy

    Conference

    Conference5th International Conference on Information Systems Security and Privacy, ICISSP 2019
    Country/TerritoryCzech Republic
    CityPrague
    Period23/02/1925/02/19

    Keywords

    • Automated Crawling
    • DOM Similarity
    • Locality-Sensitive Hashing
    • MinHash
    • Rich Internet Applications
    • Security Testing

    Fingerprint

    Dive into the research topics of 'Locality-Sensitive hashing for efficientweb application security testing'. Together they form a unique fingerprint.

    Cite this