Abstract
Progressive Web Applications (PWAs) produce false negative results when scanned with security vulnerability scanners. In this paper, the authors investigate why vulnerability scanners miss simple vulnerabilities when used on PWAs.
Moreover, the paper analyses the caveats of relying only on fully automated vulnerability scans and manual pentests, without a semi-automatic tool covering the gap between the two. The paper ends with an explanation of how such a tool was built.
© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Valles, J.P., Bongard, S.K., Castellví, A.E. (2024). XSS Vulnerability Test Enhancement for Progressive Web Applications. In: Goel, S., Nunes de Souza, P.R. (eds) Digital Forensics and Cyber Crime. ICDF2C 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-031-56583-0_10
DOI: https://doi.org/10.1007/978-3-031-56583-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56582-3
Online ISBN: 978-3-031-56583-0
eBook Packages: Computer Science, Computer Science (R0)