
Analysis and Defense of XSS Attacks in Web Applications (cited by: 3)

XSS attack's analysis and defense based on Web application
Abstract: With the rapid development of Web applications on the Internet, a large number of Web security vulnerabilities have emerged, the most prominent of which are cross-site scripting (XSS) vulnerability attacks. To detect and defend against XSS vulnerabilities in Web applications effectively, this paper analyzes the characteristics and principles of XSS vulnerabilities, summarizes the main causes of such attacks, and, drawing on the vulnerability detection methods in common use today, proposes several defenses against XSS vulnerability attacks. These can effectively identify and prevent XSS vulnerability attacks and are highly practical for Web applications.
Source: 《信息技术》 (Information Technology), 2014, No. 11, pp. 16-20 (5 pages)
Funding: Shanghai Municipal Education Commission Scientific Research Innovation Project (12zz146)
Keywords: Web application; XSS vulnerability attack; XSS vulnerability defense