
Cross-site Scripting Attack Defense Method of Server-client Cooperation (cited by: 2)
Abstract: Malicious code injected into the links of web applications deceives the user's browser, so that users who visit these sites are exposed to cross-site scripting (XSS) attacks. To address this, the paper proposes an XSS defense method based on server-client cooperation. It uses a rule (policy) file, Document Object Model (DOM) integrity testing and script obfuscation monitoring to improve the efficiency and accuracy of script detection. Experimental results show that the method achieves a good attack defense effect.
Authors: 许思远, 郑滔
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2011, No. 18, pp. 154-156 (3 pages)
Funding: National Natural Science Foundation of China (60773171); National "863" Program key project (2007AA01Z448)
Keywords: cross-site scripting (XSS) attack; Document Object Model (DOM) integrity; rule file; script obfuscation