XSS Vulnerability Test Enhancement for Progressive Web Applications

Valles, Josep Pegueroles; Bongard, Sebastien Kanj; Castellví, Arnau Estebanell

doi:10.1007/978-3-031-56583-0_10

Josep Pegueroles Valles ORCID: orcid.org/0000-0002-5194-4883¹⁷,
Sebastien Kanj Bongard¹⁷ &
Arnau Estebanell Castellví¹⁷

Part of the book series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 571))

Included in the following conference series:

International Conference on Digital Forensics and Cyber Crime

96 Accesses

Abstract

Progressive Web Applications produce false negative results when scanned with security vulnerability scanners. In this paper the authors investigate the causes behind vulnerability scanners missing simple vulnerabilities when being used on Progressive Web Applications (PWAs).

Moreover, an analysis of the caveats of only having fully automated vulnerability scans and manual pentests, without a semi-automatic tool covering the gap between the two, will be performed. An explanation of how such tool has been built will be delivered at the end of the paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 64.99; Price excludes VAT (USA)

Softcover Book: USD 84.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Qualys website. https://www.qualys.com/
Vulnerability Assessment Gartner Ranking. https://www.gartner.com/reviews/market/vulnerability-assessment
Harnessing Modern Web Architecture with Progressive Web Apps. https://mentormate.com/blog/modern-web-application-architecture/
Vue Storefront Headless Ecommerce. https://www.vuestorefront.io/
PortSwigger Active Scan++ website. https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
Zed Attack Proxy (ZAP) website. https://www.zaproxy.org/
Wfuzz: The Web fuzzer Documentation. https://wfuzz.readthedocs.io/en/latest/
Arjunt: HTTP Parameter Discovery Suite Github Project. https://github.com/s0md3v/Arjun
XSStrike: Advanced XSS Detection Suite Github Project. https://github.com/s0md3v/XSStrike
SQLmap website. https://sqlmap.org/

Download references

Author information

Authors and Affiliations

Universitat Politècnica de Catalunya, Jordi Girona 1-3, 08034, Barcelona, Spain
Josep Pegueroles Valles, Sebastien Kanj Bongard & Arnau Estebanell Castellví

Authors

Josep Pegueroles Valles
View author publications
You can also search for this author in PubMed Google Scholar
Sebastien Kanj Bongard
View author publications
You can also search for this author in PubMed Google Scholar
Arnau Estebanell Castellví
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Josep Pegueroles Valles .

Editor information

Editors and Affiliations

University of Albany, Albany, GA, USA
Sanjay Goel
Universidade Federal do Espírito Santo, Alegre, Brazil
Paulo Roberto Nunes de Souza

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Valles, J.P., Bongard, S.K., Castellví, A.E. (2024). XSS Vulnerability Test Enhancement for Progressive Web Applications. In: Goel, S., Nunes de Souza, P.R. (eds) Digital Forensics and Cyber Crime. ICDF2C 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-031-56583-0_10

Download citation

DOI: https://doi.org/10.1007/978-3-031-56583-0_10
Published: 03 April 2024
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-56582-3
Online ISBN: 978-3-031-56583-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics