On XSS Attacks and Prevention Measures
Abstract: As network security problems become increasingly prominent, network attacks using XSS (cross-site scripting) have become increasingly notable. XSS vulnerabilities are introduced. Examples are cited to illustrate detection methods for some common XSS vulnerability attacks. Corresponding prevention methods are discussed from two perspectives: ordinary network users and the network management side.

Source: Journal of Xi'an University (Natural Science Edition), 2013, Issue 4, pp. 53-57 (5 pages)

Keywords: XSS; safety consciousness; means of attack; prevention method