摘要
跨站脚本攻击(XSS)是客户端Web安全的主要威胁。因跨站脚本攻击的多样性以及Web安全漏洞的隐蔽性,使得该类型的攻击很难彻底防御。介绍了跨站脚本攻击的基本概念,针对不同环境发生的跨站脚本攻击机制进行了分析,探讨了不同环境下如何防御跨站脚本攻击的具体技术。
Cross site scripting (XSS) attack is a major threat to the security of Web client. Because of the diversity of XSS attacks and Web security vulnerabilities hidden, this type of attack is very difficult to completely defense. This paper introduces the basic concept of XSS attacks, analyzes the XSS attack mechanisms of different environment, and discusses the specific technology to defense the XSS attacks of different environment.
作者
葛强
李俊
胡永权
Ge Qiang Li Jun Hu Yongquan(College of Computer and Information Engineering, Henan University, Kaifeng, Henan 475004, China College of Environment and Planning, Henan University Information Office)
出处
《计算机时代》
2016年第10期11-14,共4页
Computer Era
基金
河南省科技攻关计划(142102210397)
河南省高等学校重点科研项目(15A520008)
河南大学科研基金项目(xxjc20140007)