
Monitoring and warning system for XSS attacks (cited by: 1)
Abstract: XSS (Cross Site Scripting) is one of the most common vulnerabilities in Web applications, and many researchers have proposed methods to detect and defend against XSS attacks. This paper approaches the problem from a new angle: using some new features of HTML5, it proposes an online warning system implemented purely in front-end script, which can fix the vulnerability in time when a suspected XSS attack occurs. At the end of the paper, the system is compared with CSP (Content Security Policy), the XSS solution introduced by HTML5 itself, and its advantages and disadvantages are analyzed.
Authors: 任航 (Ren Hang), 张保稳 (Zhang Baowen)
Source: Information Technology (《信息技术》), 2016, No. 11, pp. 130-133 (4 pages)
Keywords: XSS; HTML5; client script; monitoring and early warning system