Faculté des Sciences appliquées
MASTER THESIS

Automate XSS vulnerabilities detection in Odoo's HTML fields.

Boonen, Antoine ULiège
Promotor(s) : Donnet, Benoît ULiège
Date of defense : 24-Jun-2024/25-Jun-2024 • Permalink : http://hdl.handle.net/2268.2/20121
Details
Title : Automate XSS vulnerabilities detection in Odoo's HTML fields.
Author : Boonen, Antoine ULiège
Date of defense  : 24-Jun-2024/25-Jun-2024
Advisor(s) : Donnet, Benoît ULiège
Committee's member(s) : Debruyne, Christophe ULiège
Mathy, Laurent ULiège
Trigaux, Martin 
Language : English
Discipline(s) : Engineering, computing & technology > Computer science
Institution(s) : Université de Liège, Liège, Belgique
Degree: Master en sciences informatiques, à finalité spécialisée en "computer systems security"
Faculty: Master thesis of the Faculté des Sciences appliquées

Abstract

[en] During my 15-week internship at Odoo, I automated the detection of cross-site scripting in the software's HTML fields. Ensuring security in web applications is an important and continuous task. This rule applies to Odoo, a worldwide and ever-changing ERP software. To detect cross-site scripting in the software's HTML fields, I built an internal test that introduces a malicious payload in each target field of an Odoo database. Using two different crawlers, one for HTML-only pages and another one for JavaScript-rendered pages, the test crawls through all of the server pages, detecting and reporting unsanitized payloads. This test will help Odoo improve security measures against a vulnerability that remains, to this day, a highly prevalent vector of attacks in web applications.


File(s)

Document(s)

File
Access BOONEN-Antoine-TFE-2023-2024.pdf
Description:
Size: 2.53 MB
Format: Adobe PDF
File
Access BOONEN-Antoine-summary-2023-2024.pdf
Description:
Size: 60.75 kB
Format: Adobe PDF

Author

  • Boonen, Antoine ULiège Université de Liège > Master sc. inform. fin. spéc. comput. syst. secur.

Promotor(s)

Committee's member(s)

  • Debruyne, Christophe ULiège Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Représentation et ingénierie des données
  • Mathy, Laurent ULiège Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Systèmes informatiques répartis et sécurité
  • Trigaux, Martin

All documents available on MatheO are protected by copyright and subject to the usual rules for fair use.
The University of Liège does not guarantee the scientific quality of these students' works or the accuracy of all the information they contain.