Automate XSS vulnerabilities detection in Odoo's HTML fields.
Boonen, Antoine
Promotor(s) : Donnet, Benoît
Date of defense : 24-Jun-2024/25-Jun-2024 • Permalink : http://hdl.handle.net/2268.2/20121
Details
| Title : | Automate XSS vulnerabilities detection in Odoo's HTML fields. |
| Author : | Boonen, Antoine |
| Date of defense : | 24-Jun-2024/25-Jun-2024 |
| Advisor(s) : | Donnet, Benoît |
| Committee's member(s) : | Debruyne, Christophe; Mathy, Laurent; Trigaux, Martin |
| Language : | English |
| Discipline(s) : | Engineering, computing & technology > Computer science |
| Institution(s) : | Université de Liège, Liège, Belgique |
| Degree: | Master en sciences informatiques, à finalité spécialisée en "computer systems security" |
| Faculty: | Master thesis of the Faculté des Sciences appliquées |
Abstract
During my 15-week internship at Odoo, I automated the detection of cross-site scripting in the software's HTML fields. Ensuring security in web applications is an important and continuous task. This rule applies to Odoo, a worldwide and ever-changing ERP software. To detect cross-site scripting in the software's HTML fields, I built an internal test that introduces a malicious payload in each target field of an Odoo database. Using two different crawlers, one for HTML-only pages and another one for JavaScript-rendered pages, the test crawls through all of the server pages, detecting and reporting unsanitized payloads. This test will help Odoo improve security measures against a vulnerability that remains, to this day, a highly prevalent vector of attacks in web applications.
File(s)
Document(s)
BOONEN-Antoine-summary-2023-2024.pdf
Size: 60.75 kB
Format: Adobe PDF
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.


