摘要
如今,随着Web技术的高速发展和互联网的大众化,Web安全领域受到了越来越多的威胁。跨站脚本攻击(Cross-site Scripting,缩写XSS)是这些安全隐患中危害性比较大,存在范围比较广的一种漏洞攻击。目前已有的XSS漏洞检测挖掘工具和技术还不够完善,存在检测速度较慢、漏报率高等缺点。研究设计了一款基于网络爬虫和Fuzzing模糊技术的漏洞挖掘检测工具。其中对于网络爬虫进行了大幅度的效率优化。并与当前现有的漏洞挖掘工具进行测试对比,证明该工具可以高效的进行漏洞挖掘。
With the growth of Internet popularity and the rapid evolution of Web technologies, challenges to online security become more and more serious. Existing XSS vulnerability detection technology is not perfect. For example, there is a need to open source code, the slow speed of detection and high rate of missing report. Therefore, it is necessary to do further research. XSS vulnerability detection principle, Technology and Research conducted in-depth study and research. The main work of this paper contains research and design of Vulnerability Mining Tool Base On Crawler and Fuzzing. Including efficiency optimization of crawler and testing and comparing the tool with current popular vulnerability mining tools to improve the tool can do vulnerability mining efficiently.
出处
《微型电脑应用》
2016年第3期73-76,80,共5页
Microcomputer Applications
关键词
网页前端安全
漏洞挖掘
跨站脚本攻击
模糊测试
Web Front-end Security
Vulnerability Mining
XSS(Cross-site Scripting)
Fuzzing Technology