Master Thesis Online
Automate XSS vulnerabilities detection in Odoo's HTML fields.
Boonen, Antoine 
Promoteur(s) :
Donnet, Benoît
Date de soutenance : 24-jui-2024/25-jui-2024 • URL permanente : http://hdl.handle.net/2268.2/20121
Détails
| Titre : | Automate XSS vulnerabilities detection in Odoo's HTML fields. |
| Auteur : | Boonen, Antoine
|
| Date de soutenance : | 24-jui-2024/25-jui-2024 |
| Promoteur(s) : | Donnet, Benoît
|
| Membre(s) du jury : | Debruyne, Christophe
Mathy, Laurent
Trigaux, Martin |
| Langue : | Anglais |
| Discipline(s) : | Ingénierie, informatique & technologie > Sciences informatiques |
| Institution(s) : | Université de Liège, Liège, Belgique |
| Diplôme : | Master en sciences informatiques, à finalité spécialisée en "computer systems security" |
| Faculté : | Mémoires de la Faculté des Sciences appliquées |
Résumé
[en] During my 15-week internship at Odoo, I automated the detection of cross-site scripting in the software's HTML fields. Ensuring security in web applications is an important and continuous task. This rule applies to Odoo, a worldwide and ever-changing ERP software. To detect cross-site scripting in the software's HTML fields, I built an internal test that introduces a malicious payload in each target field of an Odoo database. Using two different crawlers, one for HTML-only pages and another one for JavaScript-rendered pages, the test crawls through all of the server pages, detecting and reporting unsanitized payloads. This test will help Odoo improve security measures against a vulnerability that remains, to this day, a highly prevalent vector of attacks in web applications.
Fichier(s)
Document(s)
BOONEN-Antoine-TFE-2023-2024.pdf
Description:
Taille: 2.53 MB
Format: Adobe PDF
BOONEN-Antoine-summary-2023-2024.pdf
Description:
Taille: 60.75 kB
Format: Adobe PDF
Citer ce mémoire
L'Université de Liège ne garantit pas la qualité scientifique de ces travaux d'étudiants ni l'exactitude de l'ensemble des informations qu'ils contiennent.