Abstract
Cross-site scripting (XSS) vulnerabilities have become a Web security problem shared by most websites, and effective prevention and detection of XSS vulnerabilities helps improve Web security. This paper analyses the attack principle of XSS vulnerabilities, points out the shortcomings of existing dynamic analysis methods in detecting stored XSS vulnerabilities, and proposes an effective dynamic detection method for stored XSS vulnerabilities. A dynamic detection model for stored XSS (Stored-XSS) vulnerabilities is designed and implemented, and the model is tested and evaluated in a practical scenario. The experiments show that the proposed method can detect stored XSS vulnerabilities effectively.
Source
Computer Applications and Software (《计算机应用与软件》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2013, Issue 3, pp. 17-21 (5 pages)
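Funding
Joint funding project of the National Natural Science Foundation of China and the Civil Aviation Administration of China (60979011)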