
Analysis on XSS Nested in a Variety of Web Language (cited by: 5)
Abstract: Because Web services are so widely deployed, cross-site scripting (XSS) has risen to become the most numerous type of attack on the Internet, and filtering cross-site code has become a top priority for every website. To filter cross-site code, a website must fully understand the mechanism by which XSS arises and the process by which data and code are parsed in a Web application. These two points are only the basic elements. To filter cross-site code as completely as possible, it is necessary to go further and examine the relationships between the parsing modules of the various languages, studying and analyzing the complexity of XSS when these modules are nested within one another. Only then, case by case, can effective measures for reducing the XSS threat be obtained.

Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2012, Issue 8, pp. 103-105 (3 pages)

Keywords: XSS; code parsing process; Web languages nested within one another