摘要
面对高交互性、高复杂性的网络操作过程,有效提升对XSS漏洞的检测、防御能力有利于提高Web安全。本文提出了一种主动提升对XSS漏洞的检测与防御能力的方法,该方法通过网络爬虫爬取Web交互页面,结合XSS漏洞的特征,基于Fuzzing技术主动挖掘潜在漏洞,利用渗透工具模拟攻击并捕获网络攻击流量,提取攻击特征,最终结合Snort防御告警主动提升Web安全。实验测试表明,该方法可有效检测XSS漏洞,结合对Snort规则库的补充升级,能够有效提升对XSS漏洞的防御能力。
Surrounding with all kinds of network operation processes of high interaction and high complexity, the effective prevention and detection of Cross-site scripting (XSS) vulnerability favour the improvement in Web security. The paper describes a method of using Crawler's technology to download the content of Interactive page, dig vulnerability with Fuzzing technology, and then to capture network attacks, extract features from the attacks, and at last enhancing the ability of Snort to prevention and detection of XSS vulnerability. We also verify the method with actual experienment, finally the result of the experiment verifies that the method using certain snort and it's effective to improve the detection capabilities. fuzzing test inputs can upgrade the rules of
出处
《电子设计工程》
2017年第5期33-36,41,共5页
Electronic Design Engineering